RE: [squid-users] Numerical URL problem...

Hi.
Have you removed the following line?
'acl all src 0.0.0.0/0.0.0.0'
This should always exist in order to prevent unauthorized access to your
proxy.
If you create the 'acl all' you shall be able to use your proxy, but
everybody else will be able too.
I advise you also to replace 'http_access allow all' with 'http_access deny
all'.
Then create an ACL matching your net IP addresses and allow access only to
those machines.
The procedure to do this is described in the Instructions and the FAQ.

Regards,

Bruno Guerreiro
-----Original Message-----
From: Hennie Rautenbach [mailto:hennie@sabinet.co.za]
Sent: Terça-feira, 13 de Março de 2001 13:01
To: Robert Collins
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Numerical URL problem...

Hi there,

Robert Collins wrote:

> Can you now please turn squid's debug line in squid.conf to
> have the value ALL,1 33,2

Done.

> and the run squid -k reconfigure?

Generated the following errors on the command line:

2001/03/13 14:51:55| squid.conf line 353: http_access allow all
2001/03/13 14:51:55| aclParseAccessLine: ACL name 'all' not found.
2001/03/13 14:51:55| squid.conf line 353: http_access allow all
2001/03/13 14:51:55| aclParseAccessLine: Access line contains no ACL's,
skipping

Checked line 353: (The last line of the ACL config below)

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl sabinet dstdomain .sabinet.co.za
always_direct allow sabinet
acl Cooking1 url_regex cooking
acl Cooking2 url_regex cooks
acl Cooking3 url_regex cookbook
acl Recipe1 url_regex recipe
acl porn url_regex "/disk1/squid-cache/etc/porn.txt"
acl noporn url_regex "/disk1/squid-cache/etc/noporn.txt"
http_access deny porn !noporn
http_access deny Cooking1
http_access deny Cooking2
http_access deny Cooking3
http_access deny Recipe1
http_access allow all <-- The bugger it is moaning about.

> Try that page again, then you will have some entries in your squid.conf
> reflecting the acl logic - specifically which acl stopped the request from
> being sericed.

I'm learning as we go along....

"cache.log" reports after I have done what you suggested:

2001/03/13 14:55:38| The request GET
http://www.parliament.gov.za/Documents/prog
rammes/36959376284722222222.h is DENIED, because it matched 'noporn'
2001/03/13 14:55:45| The request GET
http://www.parliament.gov.za/Documents/prog
rammes/36959376284722222222.htm is DENIED, because it matched 'noporn'

So, guess I'll be checking "noporn". :-)

Attached for your benefit:

Hennie
Received on Tue Mar 13 2001 - 07:30:50 MST