Re: [squid-users] Preventing private IP's in URL's

From: Frank Neumann <frank.neumann@dont-contact.us>
Date: Thu, 13 Jun 2002 12:21:38 +0200

Hi,

that doesn't seem to work. The cache, which of course has a public
IP address, still wants to retrieve a page like 172.16.1.2 from the public
internet and correctly fails with 'connection timed out'. In the access
log it says

1023962516.005 239538 a.b.c.d TCP_MISS/504 1026 GET http://172.16.1.2/ -
NONE/- -

Any other configuration pitfalls I may have trapped in? Yes, I gave 'squid
-k reconfigure' to the cache after changing the acl.


Another question regarding ftp uploads. It seems that ftp uploads fail
depending on the size of the uploaded file (but that also may depend on
the receiving server). request_body_max_size is set to 0. I find log
entries as follows:

1023876297.000 909875 a.b.c.d TCP_MISS/000 0 PUT
ftp://user@ip.of.ftp.server/uploadfile - DIRECT/ip.of.ftp.server -

I never saw a HTTP return code 000 before. Any hints on that?

Thanks,
Frank

Henrik Nordstrom wrote:

> acl private_ip dst 192.168.0.0/16 ....
> http_access deny private_ip
> deny_info ERR_PRIVATE_IP private_ip
>
> And put your custom error message in errors/ERR_PRIVATE_IP
>
> Regards
> Henrik
>
> Frank Neumann wrote:
> > Hi folks,
> >
> > I'd like to configure squid-2.4 to deny requests with private IP
> > addresses in the URL and respond with a customized error message. How
> > could such an acl look like? Any pointers are welcome.
> >
> > Thanks,
> > Frank

Received on Thu Jun 13 2002 - 04:23:20 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:40 MST