Similar to 'nother acl question?

From: Neil <anil@dont-contact.us>
Date: Fri, 4 Feb 2000 12:52:59 +1100

Dear squid-users

I would be very grateful for any ideas or hints on this problem, please.
It seems like it may involve questions similar to the posting with subject
"'nother acl question...", since it has happened due to an upgrade from
2.1 to 2.3. Or maybe it's not...

I have just upgraded one of our dual sibling caches up to 2.3 from 2.1.
I migrated the squid.conf file over manually, in other words I checked
for differences from the default and manually added all the lines from
the old conf file to make the new one work. Trouble is it doesn't (work).

I have cut out the lines in question and set them out below.
All "acl" and "http_access" lines in the conf files are shown.

The changes between the two files are minimal.
I have moved an "always_direct" line.
I have removed the "snmp_mib_path" line because it doesn't parse in 2.3.
I have removed an "acl" definition that is never used.

But I have had to put in an "http_access allow all" because the lines
"acl ourhosts srcdomain scu.edu.au
http_access allow ourhosts"
don't seem to be allowing local domain hosts to use the cache.
They are getting an "access denied due to configuration" error message.

Presumably I have done something really stupid, but I can't see that
the two files are so different, and really the v2.3 squid.conf should
work just by looking at it on its own. It appears that "acl ourhosts
srcdomain scu.edu.au" is not matching on "http_access allow ourhosts".

Can you help please?

Neil Gulati.
===========================================================================
SQUID 2.1 SQUID.CONF

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 81 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT

acl butterworth dstdomain butterworths.com.au
always_direct allow butterworth

acl itd src 203.2.32.2
http_access allow manager ITD #<<< shouldn't be in capitals
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl ourhosts srcdomain scu.edu.au
acl ournat src 10.0.0.0/8

http_access allow ourhosts
http_access allow ournat

http_access deny all

acl overquota src 203.2.32.99 #<<< not used at all, should be removed

acl local-servers dstdomain scu.edu.au
always_direct allow local-servers

# this line doesn't parse in v 2.3
snmp_mib_path /usr/local/inst/squid-prod/etc/mib.txt
===========================================================================
SQUID 2.3 SQUID.CONF

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 81 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT

acl itd src 203.2.32.2
http_access allow manager itd
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports #<<< what is CONNECT?

acl ourhosts srcdomain scu.edu.au
http_access allow ourhosts #<<< surely this should work

acl ournat src 10.0.0.0/8
http_access allow ournat
http_access allow all #<<< had to put this in to make it work

http_access deny all

acl butterworth dstdomain butterworths.com.au
always_direct allow butterworth

acl local-servers dstdomain scu.edu.au
always_direct allow local-servers
===========================================================================
_______________________________________________
                  NEIL GULATI
            Unix Systems Programmer
       Information Technology Directorate
           Southern Cross University
         Northern Rivers NSW Australia
Received on Thu Feb 03 2000 - 18:57:04 MST
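
Added example, not part of the original post and not Squid code: Squid checks http_access lines in order and stops at the first line whose ACLs all match, so this sketch replays the 2.3 rules above to show what the "http_access allow all" workaround does for a client outside the site. Whether the srcdomain ACL matches is taken as an input (srcdomain_hit), because the post reports it failing without establishing why; match, evaluate and the client address are assumptions made for illustration.

```python
import ipaddress

# http_access-relevant lines of the 2.3 squid.conf quoted in the post.
CONF_23 = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 81 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
acl itd src 203.2.32.2
http_access allow manager itd
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl ourhosts srcdomain scu.edu.au
http_access allow ourhosts
acl ournat src 10.0.0.0/8
http_access allow ournat
http_access allow all
http_access deny all
"""
WITHOUT_ALLOW_ALL = CONF_23.replace("http_access allow all\n", "")

def match(kind, vals, req):
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in vals)
    if kind == "port":  # "80" or "1025-65535"
        spans = [tuple(map(int, (v + "-" + v).split("-")[:2])) for v in vals]
        return any(lo <= req["port"] <= hi for lo, hi in spans)
    if kind == "srcdomain":  # assumption: outcome supplied by the caller
        return req["srcdomain_hit"]
    return req[kind] in vals  # proto, method

def evaluate(conf, req):
    """Return (action, rule) for the first http_access line that matches."""
    acls = {}
    for line in conf.splitlines():
        f = line.split()
        if f[0] == "acl":
            acls[f[1]] = (f[2], f[3:])
        elif all(match(*acls[n.lstrip("!")], req) != n.startswith("!") for n in f[2:]):
            return f[1], line  # every ACL on the line matched (logical AND)
    return None, None  # Squid's no-match fallback is not modelled here

# Constructed request from an outside client (TEST-NET-2 address).
OUTSIDE = dict(src="198.51.100.7", proto="http", port=80, method="GET", srcdomain_hit=False)
```

evaluate(CONF_23, OUTSIDE) returns the "http_access allow all" line, meaning any source address may use the cache; evaluate(WITHOUT_ALLOW_ALL, OUTSIDE) falls through to "http_access deny all".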