[squid-users] ACL configuration problem??? from Bradley Brown on 2001-06-13 (squid-users)

From: Bradley Brown <bradley@dont-contact.us>
Date: Wed, 13 Jun 2001 14:35:20 -0400

Hello everyone,
    I am using squid to provide internet access
(obviously) and to limit
that access to several users. Rather than telling
them what sites they
can't go to, I'm using squid to tell them what
sites they can go to. In
a nutshell... I have a file that contains a the
names of the web sites
that can be accessed.
    I am having a problem with one of the urls in
the list however. I'm
fairly sure that this is either a problem with my
acl configuration
(probably) or a problem with squid (not so
probably).
    Here's how it looks:

acl sales proxy_auth
"/usr/local/squid/etc/aclfiles/sales.acl" # This
one
acl purch proxy_auth
"/usr/local/squid/etc/aclfiles/purch.acl"
acl office proxy_auth
"/usr/local/squid/etc/aclfiles/office.acl"
acl admin proxy_auth
"/usr/local/squid/etc/aclfiles/admin.acl"
acl unrestr proxy_auth
"/usr/local/squid/etc/aclfiles/unrestr.acl"
acl ftp proto FTP
acl salesdomain dstdomain
"/usr/local/squid/etc/aclfiles/sales.domain" #
and this one
acl purchdomain dstdomain
"/usr/local/squid/etc/aclfiles/purch.domain"
acl officedomain dstdomain
"/usr/local/squid/etc/aclfile/office.domain"
http_access deny sales !salesdomain
http_access deny purch !purchdomain
http_access deny office !officedomain
http_access allow unrestr
http_access allow admin
http_access deny ftp !admin
http_access allow all

The sales.domain file is a single column listing of
urls in
"domainname.com" format. The file currently
contains 28 entries. One of
the entries is the url for Northwest Airlines
(nwa.com), but when a
restricted user attempts to go to the site, they
get either garbled
output, or they are told that the access
restrictions are denied.
This url is also in other restricted lists
(purchdomain) and it works
fine, although there are only about 2/3's as many
urls in the
purch.domain file.
I have attempted deleting out the entry form
the sales.domain file
and re-entering it, but no. I tried adding an
"always_direct" statement
for nwa.com but no luck there either.
If anyone can help me out and give me some idea
as to what is going
or what I am doing wrong, I would be most grateful.
Bradley
Received on Wed Jun 13 2001 - 12:33:45 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:44 MST