Re: squid.conf -- acl flags -= Still no go! =-

From: Jason Lixfeld <jlixfeld@dont-contact.us>
Date: Tue, 6 May 1997 16:59:40 -0400 (EDT)

Ok, now I have this:

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl officenet src 207.136.72.0/255.255.255.0 207.136.75.65/255.255.255.192 199.166.254.0/255.255.255.0 207.136.82.58/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl CONNECT method CONNECT

http_access deny !officenet
icp_access deny !officenet

Do you think I should add a http_access deny all, icp_access deny all? I
tried it with this config, and the proxy does not give me an error,
however if I go back and look into the access.log I get:

862939318.735 99 207.136.82.0 TCP_DENIED/400 469 GET http://www.cyberlibel.com/ - NONE/- -
862939328.658 4 207.136.82.0 TCP_DENIED/400 469 GET http://www.cyberlibel.com/ - NONE/- -
862939861.198 6142 207.136.80.0 ERR_INVALID_REQ/400 290 NONE - - NONE/- -

but I was under the impression that squid would give you a 403 error when
trying to access the proxy. Funny though, I'm currently at an IP of
207.136.98.14 and I have been accessing this proxy (for testing purposes).
As I said before, I can get to all the sites, but the entries do not show
up in any of the logs. And I do not get any of the errors in the logs as
described above.

| >You *do* have an acl called 'all', don't you? Your errors would
| >seem to suggest not. Try adding
| >
| >acl all src 0.0.0.0/0.0.0.0
| >
| >>And all networks within our domain are STILL able to connect to this
| >>proxy, when all I want is 2.
| >
| >That's because they reach the end of this list and fall through.
| >Once you get the deny all working, it should stop happening.
| >
| >BTW, did you try using 'http_access deny !officenet !oldofficenet'
| >as I suggested in my earlier post? That should also solve the problem,
| >it just reverses the logic and you don't need a 'deny all' then
| >because deny is then the default.
| >
| >--
| >Duncan Anker http://www.angelfire.com/or/darcknight/
| >
| >Health freaks are going to feel stupid one day, when they're
| >lying in a hospital bed, dying of nothing.
Received on Tue May 06 1997 - 14:33:47 MDT
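
Added example, not part of the original thread: a simplified Python model of how Squid's documented http_access evaluation works (first matching line wins, ACL names on one line are ANDed, and when no line matches the result is the opposite of the last line), run over the ACLs and client addresses from the message above. The function names, the rule-list representation and the WEAK rule set are assumptions made for illustration.

```python
import ipaddress

# ACL definitions copied from the squid.conf lines in the message above.
ACLS = {
    "localhost": ["127.0.0.1/255.255.255.255"],
    "officenet": ["207.136.72.0/255.255.255.0", "207.136.75.65/255.255.255.192",
                  "199.166.254.0/255.255.255.0", "207.136.82.58/255.255.255.255"],
    "all": ["0.0.0.0/0.0.0.0"],
}

def acl_matches(name, client):
    """A src acl matches if the client is in ANY listed network; '!' negates."""
    negate = name.startswith("!")
    addr = ipaddress.ip_address(client)
    # strict=False masks off host bits: 207.136.75.65/255.255.255.192
    # is treated as the network 207.136.75.64/26.
    hit = any(addr in ipaddress.ip_network(net, strict=False)
              for net in ACLS[name.lstrip("!")])
    return hit != negate

def decide(rules, client):
    """rules is a list of (action, [acl names]) in config order.
    All names on one line must match (AND). The first matching line wins.
    If no line matches, the result is the opposite of the last line's action;
    with no lines at all the request is allowed."""
    for action, names in rules:
        if all(acl_matches(n, client) for n in names):
            return action
    if not rules:
        return "allow"
    return "deny" if rules[-1][0] == "allow" else "allow"

# The single line from the message: http_access deny !officenet
POSTED = [("deny", ["!officenet"])]
# The explicit form: allow the office networks, then deny everything else.
EXPLICIT = [("allow", ["officenet"]), ("deny", ["all"])]
# Constructed weak case: the last line is a narrow deny, so anything that
# does not match it falls through to the implicit default of allow.
WEAK = [("deny", ["localhost"])]

if __name__ == "__main__":
    for label, rules in (("POSTED", POSTED), ("EXPLICIT", EXPLICIT), ("WEAK", WEAK)):
        for client in ("207.136.82.58", "207.136.98.14", "127.0.0.1"):
            print(f"{label:9} {client:15} -> {decide(rules, client)}")
```

The model covers only src ACLs and the allow/deny decision; it does not model ICP, proto or port ACLs, or how addresses are written to access.log.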

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:07 MST