Re: [squid-users] RE: Squid ACL Problem from Squid Support (Henrik Nordstrom) on 2002-05-07 (squid-users)

From: Squid Support (Henrik Nordstrom) <hno@dont-contact.us>
Date: Wed, 8 May 2002 00:04:06 +0200

Should work fine. Are you sure that these other proxies are using
your Squid? See access.log.

If these other proxes are Squid based then they will quite likely
attempt going direcly when being refused by your Squid.

Note: There is other errors in your http_access rules.. you should
move all the http_access deny lines infront of your http_access allow
lines (after the manager line).

Regards
Henrik

On Tuesday 07 May 2002 22:21, Squid wrote:
> Has anybody ran across this problem. I have SQUID 2.4 Stable 3 on
> a Red Hat 7.2 system, with 2 NIC's one on a public IP the other on
> a private. I have an ACL set to block two sites one by IP the
> other by domain. The problem is it only works on the local server.
> If another computer proxies to it, it is not blocked. The block
> only works on the local host.
>
> acl all src 0.0.0.0/0.0.0.0
> #
> acl mynet src 172.16.0.0/255.255.0.0
> acl pubnet src xxx.xxx.xxx.xx/255.255.255.xxx
> acl howetest dst 156.110.224.8
> acl camerontest dstdomain www.cameron.k12.ok.us
> #
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access deny howetest
> http_access deny camerontest
> http_access allow manager localhost
> http_access allow mynet
> http_access allow pubnet
> http_access deny manager
> http_access deny !Safe_ports # Deny requests to unknown ports
> http_access deny CONNECT !SSL_ports # Deny CONNECT to other than
> SSL ports
>
>
> Any body got an answer?
>
> Thanks
> Bruce Gillham
> Technology Coordinator
> Wister Public Schools
> bgillham@wister.k12.ok.us

-- 
MARA Systems AB, Giving you basic free Squid support
Your source of advanced web reverse proxying solutions
http://www.marasystems.com/producs/

Received on Tue May 07 2002 - 16:11:21 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:57 MST