RE: [squid-users-request@ircache.net: Re: Filter out Sex... Sites ]

From: Clive Barrows <c.a.barrows@dont-contact.us>
Date: Fri, 23 Oct 1998 16:50:15 +0100

FAQ-10.html states that acls on a line are AND'ed

The failure could be due to something in the sexsites file.
One suggestion is to simply the content of sexsites
and then try

  http_access deny sexsites

Another suggestion is to reverse the acls (using the
simplified sexsites file) i.e.

  http_access deny all sexsites

Check you logs (grep DENIED access.log | more) to
see if the actual site is being denied and if it matches
something in your acl.

Let me to know if you determine the cause of the problem.

Regards,

Clive Barrows

-----Original Message-----
From: Peter van Dijk [mailto:peter-squid@attic.vuurwerk.nl]
Sent: 23 October 1998 15:48
To: squid-users
Subject: [squid-users-request@ircache.net: Re: Filter out Sex... Sites]

On Fri, Oct 23, 1998 at 08:52:28AM -0400, Don Brown wrote:
> I've tried doing this, but when I use it, I get denied to everywhere.
> I've setup the deny, but not the "notsex" section, as I only want to
> block the adult related sites. Can someone tell me what I've got
> configured wrong? Here's the acl section from my squid.conf file:
> -----------------------------------
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl all src 0.0.0.0/0.0.0.0
> acl mercury src 12.63.229.10/255.255.0.0
> acl pluto src 12.63.229.6/255.255.0.0
> acl sexsites url_regex "/var/squid/etc/adultdomain.dat"
> acl SSL_ports port 443 563
> acl Dangerous_ports port 7 9 19
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access allow manager mercury
> http_access allow manager pluto
> http_access deny manager
>
> # deny access to adult sites
> http_access deny sexsites all

This is incorrect. Here, you tell squid to 'deny' 'http_access' for any
requests
matching 'sexsites' OR 'all'. Remove the 'all' from this line and you
should be
all set.

I ran into a similar problem after installing squid (yesterday :) which
was
fixed by putting the two ACL's on two separate lines and not combining
them.

> # Allow everything else
> http_access allow all
>
> # Reply to all ICP queries we receive
> icp_access allow all

Greetz, Peter. 

-- 
'I guess anybody who walks away from a root shell at :         Peter van
Dijk
 a nerd party gets what they deserve!' -- BillSF
:peter@attic.vuurwerk.nl
-- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --
-- --
finger hardbeat@mdk.ml.org for my public PGP-key
  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---
-
Received on Fri Oct 23 1998 - 09:56:43 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:46 MST