Re: [squid-users] Problem accessing site

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 16 Mar 2003 10:51:13 +0100

"Jacob S." wrote:

> acl unblockedsites url_regex -i "/etc/squid/unblock.txt"
> acl blockedsites url_regex -i "/etc/squid/block.txt"
> acl semiblock url_regex -i "/etc/squid/semiblock.txt"
>
> http_access deny semiblock
> http_access deny blockedsites !unblockedsites
> # I want access to "unblockedsites", but not "blockedsites".
> # If I put ".something.tld" in unblockedsites, I can't block
> # "c.something.tld" in blockedsites, so I use semiblock instead.
>
> http_access deny all !unblockedsites
> # If it can't be accessed through the first two, then it should be
> # blocked.
>
> I guess I could probably just use
> http_access deny semiblock
> http_access deny all !unblockedsites
> but I have thoughts of custom error messages in the future, so I think
> it could be helpful to know the difference between explicit blocks and
> blocks that are simply because they're not on the unblock list.
>
> With the current acl setup, and debug_options set to "ALL,1 33,2",
> trying to go to www.joker.com from my browser yields the following
> result in cache.log:
>
> 2003/03/16 00:02:02| The request CONNECT joker.com:443 is DENIED,
> because it matched 'unblockedsites'

With your setup this is either

   http_access deny blockedsites !unblockedsites
or
   http_access deny !unblockedsites

> If I add the line "joker.com" in unblock.txt, I see nothing in the log
> and am able to access it. Yet I already have ".joker.com" in unblock.txt
> so it seems it should still be allowed, according to the FAQ.

If you have .joker.com then adding joker.com should not make any
difference, and in fact can make your acl unreliable as the two
overlap. "squid -k parse" should warn you if you attempt such a
configuration.
 
> Any more suggestions?

If "squid -k parse" does not warn you when you have both .joker.com and
joker.com then double-check the definition of .joker.com . Maybe there is
some odd character around .joker.com which makes Squid misunderstand the
definition.

Other than this, try upgrading to Squid-2.5, the currently supported
Squid version. Squid-2.4 is no longer maintained by the Squid developers
as Squid-2.5 is the current STABLE release.

Only at most three releases are maintained by the Squid developers:

 * the current STABLE release for production use, currently Squid-2.5.

 * PRE releases of the next major Squid release for testing purposes.
   Currently none.

 * DEVEL snapshots of the current development sources for people who
   develop Squid. Currently this is what will become Squid-3.0.

Regards
Henrik
Received on Sun Mar 16 2003 - 02:56:24 MST
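
An added example, not part of the original message and not Squid's own code: the ACLs quoted above are of type url_regex, so each line of the file is a case-insensitive regular expression searched for anywhere in the request string, and a leading "." stands for any one character. The sketch uses Python's re module as a stand-in for Squid's regex matching, assumes the string matched for the CONNECT request is "joker.com:443" as the cache.log line shows it, and also flags hidden characters in the file; the file contents and the other URLs are constructed.

```python
import re

# Constructed sample of an ACL file such as unblock.txt: the ".joker.com"
# entry from the thread plus two constructed lines carrying hidden characters.
SAMPLE_ACL = ".joker.com\n.example.org\r\n\u00a0.example.net\n"

# Request strings to test. "joker.com:443" comes from the cache.log line
# (assumption: this is the string url_regex is matched against for CONNECT);
# the others are constructed.
SAMPLE_URLS = [
    "joker.com:443",
    "www.joker.com:443",
    "http://joker.com/",
    "http://other.example/?q=xjoker.com",
]


def odd_characters(line):
    """Return (index, repr) for each character outside printable ASCII."""
    return [(i, repr(c)) for i, c in enumerate(line) if not 0x21 <= ord(c) <= 0x7E]


def matches(pattern, url):
    """Emulate 'url_regex -i': unanchored, case-insensitive regex search."""
    return re.search(pattern, url, re.IGNORECASE) is not None


def audit(acl_text, urls):
    """Map each pattern line to its hidden characters and the URLs it matches."""
    report = {}
    for raw in acl_text.split("\n"):
        if not raw or raw.startswith("#"):
            continue
        report[raw] = {
            "odd": odd_characters(raw),
            "matched": [u for u in urls if matches(raw, u)],
        }
    return report


if __name__ == "__main__":
    for pattern, result in audit(SAMPLE_ACL, SAMPLE_URLS).items():
        print(repr(pattern), result)
```

As a regex, ".joker.com" needs one character before "joker", so it misses "joker.com:443" yet also matches an unrelated URL that merely contains the text, which matters when the list is used to allow access.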
