Can't deny access to accelerator

From: <P.Lister@dont-contact.us>
Date: Wed, 11 Dec 96 16:47:45 +0000

I'm trying to set up Squid 1.1.0 as an accelerator to mirror the
access control of the web server, since (obviously) the server
considers the accelerator to be local. But whatever I do, I can never
deny myself access. After various permutations, I've tried removing
all the

http_access allow ...

lines, and added

http_access deny all

Now, I reckon that should deny access to everything for everyone,
right? Wrong, Squid is still happily serving any requests I make.

Where have I gone wrong? Before you ask, I have HUPed and restarted
the Squid accelerator, several times. Here's an idiot check on the
file (and yes, I've checked it's the right filename; all the other
config in this file is being read and acted on).

# grep http_access /usr/local/squid/etc/squid.accel.conf
# http_access allow|deny [!]aclname ...
http_access deny manager !localhost
http_access deny CONNECT !SSL_ports
http_access deny all
#http_access deny hypernews !cranfield
#http_access deny hypernews
#http_access allow all
# By default, allow all clients who passed the http_access rules
# grep acl /usr/local/squid/etc/squid.accel.conf
# * There is also a 'cache_host_acl' tag in the ACL
# acl aclname acltype string1 ...
# acl aclname acltype "file" ...
# acltype is one of src dst srcdomain dstdomain url_pattern urlpath_pattern
# acl aclname src ip-address/netmask ... (clients IP address)
# acl aclname src addr1-addr2/netmask ... (range of addresses)
# acl aclname dst ip-address/netmask ... (URL host's IP address)
# acl aclname srcdomain foo.com ... (taken from reverse DNS lookup)
# acl aclname dstdomain foo.com ... (taken from the URL)
# acl aclname time [day-abbrevs] [h1:m1-h2:m2]
# acl aclname url_regex ^http:// ... # regex matching on whole URL
# acl aclname urlpath_regex \.gif$ ... # regex matching on URL path only
# acl aclname port 80 70 21 ...
# acl aclname proto HTTP FTP ...
# acl aclname method GET POST ...
# acl aclname browser regexp
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl cranfield src 138.250.0.0/255.255.0.0
acl hypernews urlpath_regex ^/hypernews
acl SSL_ports port 443 563
acl CONNECT method CONNECT
# http_access allow|deny [!]aclname ...
# icp_access allow|deny [!]aclname ...
# acl localclients src 172.16.0.0/16
# TAG: cache_host_acl
# cache_host_acl cache-host [!]aclname ...
# deny_info URL acl1 acl2 ...

Peter Lister Email: p.lister@cranfield.ac.uk
Computer Centre, Cranfield University Voice: +44 1234 754200 ext 2828
Cranfield, Bedfordshire MK43 0AL UK Fax: +44 1234 751814
------------------------------------------------------------------------
     (1) "Yes" (2) "No" (3) "That would be an ecumenical matter"
------------------------------------------------------------------------
Received on Wed Dec 11 1996 - 09:29:05 MST
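
As an added example (not part of the original post and not Squid's own code): a minimal Python model of first-match `http_access` evaluation over the active lines from the grep output above, reporting which line decides a request. It assumes Squid's documented ordering (lines checked top to bottom, ACLs on one line ANDed, first matching line wins), models only the `src`, `port`, `method` and `proto` ACL types, and uses constructed sample requests.

```python
import ipaddress

# Active ACLs and http_access lines from the post's grep output (plus one commented-out line).
CONF = """\
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access deny manager !localhost
http_access deny CONNECT !SSL_ports
http_access deny all
#http_access allow all
"""

def parse(conf):
    """Return (acls, rules) built from the active lines only."""
    acls, rules = {}, []
    for line in conf.splitlines():
        words = line.split()
        # Commented-out lines start with "#" and so never equal a directive name.
        if words[:1] == ["acl"]:
            acls[words[1]] = (words[2], words[3:])
        elif words[:1] == ["http_access"]:
            rules.append((words[1], words[2:]))
    return acls, rules

def acl_matches(acl, req):
    """True if the request matches any value of this ACL."""
    kind, values = acl
    if kind == "src":
        addr = ipaddress.ip_address(req["src"])
        return any(addr in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":
        return str(req["port"]) in values
    if kind in ("method", "proto"):
        return req[kind].lower() in [v.lower() for v in values]
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, req):
    """Return (action, rule_number) of the first http_access line whose ACLs all match."""
    acls, rules = parse(conf)
    for number, (action, names) in enumerate(rules, 1):
        if all(acl_matches(acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action, number
    return None, None  # no line matched; Squid's fallback is not modelled here

if __name__ == "__main__":
    # Constructed request from a 138.250.0.0/16 client.
    print(decide(CONF, {"src": "138.250.1.2", "port": 80, "method": "GET", "proto": "HTTP"}))
```

Under these assumptions the third active line (`deny all`) decides an ordinary GET, which is the behaviour the post expects from the file as written.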
