Re: Squid bugs of access control

Did you forget miss_access for the same list of acl's? Probably they are
getting denied anything that isn't in the cache.

D

Chih-Wei Huang wrote:
>
> It seems the access control lists of squid are buggy.
> My server is running Red Hat 5.0, kernel 2.0.33, with
> squid 1.1.20(however, the squid binary was not compiled with
> glibc2. It was link to the old libc).
>
> I have the following setting in my squid.conf
>
> acl localhost src 127.0.0.1/255.255.255.255
> acl all src 0.0.0.0/0.0.0.0
> acl localdomain srcdomain localhost
> acl trinovaip src 203.66.166.0/24
> acl trinovadomain srcdomain trinova.com.tw
>
> http_access allow localhost
> http_access allow localdomain
> http_access allow trinovaip
> http_access allow trinovadomain
>
> However, when I tried to use lynx to browse the Red Hat homepage,
> some urls are OK, while others are access DENIED!
> The access_log gave:
> 890789677.244 72 localhost TCP_HIT/200 55893 GET
> http://www.redhat.com/suppo
> rt/docs/rhl/manual/manual/doc000.html - NONE/- text/html
> 890789684.436 18 localhost TCP_DENIED/400 507 GET
> http://www.redhat.com/supp
> ort/docs/rhl/manual/manual/doc042.html - NONE/- -
>
> What's wrong??
>
> Another problem. If I put the four http_access lines into one line:
> http_access allow localhost localdomain trinovaip trinovadomain
>
> All the clients from my LAN were DENIED!
> 890790594.182 13 cwhuang.trinova.com.tw TCP_DENIED/400 472 GET
> http://www.re
> dhat.com/redhat/ - NONE/- -
>
> I had to split it into four lines to avoid this problem.
> (Though it is still buggy for 'localhost')
>
> Are there bugs of squid? Or it's my fault...?
> Please reply to my email address, since I'm not in the list! Thanks!
>
> --
> C.W.Huang

-- 
Did you read the documentation AND the FAQ?
If not, I'll probably still answer your question, but my patience will
be limited, and you take the risk of sarcasm and ridicule.