Re: squid.conf -- acl flags -= Still no go! =-

>Date: Tue, 6 May 1997 06:05:25 -0400 (EDT)
>From: Jason Lixfeld <jlixfeld@idirect.com>
>To: Duncan Anker <dunc1@hotmail.com>
>cc: squid-users@nlanr.net
>Subject: squid.conf -- acl flags -= Still no go! =-
>
>Well, I tried what you suggested, and it didn't make a difference! =(.
>when I added the http_access deny all, and icp_access deny all, I got a
>message in squid.out that said:
>
>97/05/06 05:24:11| squid.conf line 949: http_access deny all
>97/05/06 05:24:11| aclParseAccessLine: ACL name 'all' not found.
>97/05/06 05:24:11| squid.conf line 949: http_access deny all
>97/05/06 05:24:11| aclParseAccessLine: Access line contains no ACL's,
>skipping
>97/05/06 05:24:11| squid.conf line 954: icp_access deny all
>97/05/06 05:24:11| aclParseAccessLine: ACL name 'all' not found.
>97/05/06 05:24:11| squid.conf line 954: icp_access deny all
>97/05/06 05:24:11| aclParseAccessLine: Access line contains no ACL's,
>skipping
>

You *do* have an acl called 'all', don't you? Your errors would
seem to suggest not. Try adding

acl all src 0.0.0.0/0.0.0.0

>And all networks within our domain are STILL able to connect to this
>proxy, when all I want is 2.

That's because they reach the end of this list and fall through.
Once you get the deny all working, it should stop happening.

BTW, did you try using 'http_access deny !officenet !oldofficenet'
as I suggested in my earlier post? That should also solve the problem,
it just reverses the logic and you don't need a 'deny all' then
because deny is then the default.

--
Duncan Anker         http://www.angelfire.com/or/darcknight/
                     
Health freaks are going to feel stupid one day, when they're
lying in a hospital bed, dying of nothing.
---------------------------------------------------------
Get Your *Web-Based* Free Email at http://www.hotmail.com
---------------------------------------------------------