Re: [squid-users] ACL not filtering

From: Alberto Brealey G. <beto@dont-contact.us>
Date: Tue, 8 Jan 2002 16:23:14 -0600

On Tue, Jan 08, 2002 at 02:20:12PM -0500, Serge Bianda wrote:

> #Defaults:
> acl all src 0.0.0.0/0.0.0.0 --> Is this supposed to be enabled?
> acl manager proto cache_object --> Can someone tell me if this manager acl
> is necessary as it was installed by default

the manager acl is used in the access control for the cachemgr.cgi
admin/info interface

> acl localhost src 127.0.0.1/255.255.255.255 --> is this supposed to be
> enabled too?

it does not hurt to have those acl's defined, since you certainly will
need them for most default configurations.

>
> http_access allow LAN
> http_access deny LAN noporn
> http_access deny all --> Could this be the problem?
>

you have them in the wrong order. from the documentation: the access
control directives (as in "http_access"), are checked in order, when
one matches, the search stops. you have "allow LAN" as the first access
control, so it matches *every* request coming from your LAN, the next AC
is never checked for requests coming from your LAN.

anyway, this is pretty well documented in the default squid.conf

-- 
Alberto Brealey
beto@inalambrica.net
Received on Tue Jan 08 2002 - 15:23:18 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:41 MST