Re: squid.conf -- acl flags -= Still no go! =-

From: Jason Lixfeld <>
Date: Tue, 6 May 1997 16:59:40 -0400 (EDT)

Ok, now I have this:

acl manager proto cache_object
acl localhost src
acl officenet src
acl all src
acl SSL_ports port 443 563

http_access deny !officenet
icp_access deny !officenet

Do you think I should add a http_access deny all, icp_access deny all? I
tried it with this config, and the proxy does not give me an error,
however if I go back and look into the access.log I get:

862939318.735 99 TCP_DENIED/400 469 GET - NONE/- -
862939328.658 4 TCP_DENIED/400 469 GET - NONE/- -
862939861.198 6142 ERR_INVALID_REQ/400 290 NONE - - NONE/- -

but I was under the impression that squid would give you a 403 error when
trying to access the proxy. Funny though, I'm currently at an IP of and I have been accessing this proxy (for testing purposes).
As I said before, I can get to all the sites, but the entries do not show
up in any of the logs. And I do not get any of the errors in the logs as
described above.

| >You *do* have an acl called 'all', don't you? Your errors would | >seem
to suggest not. Try adding
| >
| >acl all src
| >
| >>And all networks within our domain are STILL able to connect to this
| >>proxy, when all I want is 2.
| >
| >That's because they reach the end of this list and fall through.
| >Once you get the deny all working, it should stop happening.
| >
| >BTW, did you try using 'http_access deny !officenet !oldofficenet'
| >as I suggested in my earlier post? That should also solve the problem,
| >it just reverses the logic and you don't need a 'deny all' then
| >because deny is then the default.
| >
| >--
| >Duncan Anker
| >
| >Health freaks are going to feel stupid one day, when they're
| >lying in a hospital bed, dying of nothing.
| >
| >---------------------------------------------------------
| >Get Your *Web-Based* Free Email at
| >---------------------------------------------------------
| >
| >
Received on Tue May 06 1997 - 14:33:47 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:07 MST