Re: [squid-users] acl list bypass

From: Marc Elsen <marc.elsen@dont-contact.us>
Date: Fri, 25 Apr 2003 13:42:17 +0200

"Y.M.Chen" wrote:
>
> Dear all,
>
> I have two squid proxy servers A,B. A is a backbone proxy and B is a
> departmental proxy. That means A is a parent of B. I set some acls for deny
> sex website in the server A. When I test those acls by set proxy A in my IE
> and connect to sex website, the proxy A shown access deny. It work. However,
> when I set proxy B in my IE and connect to sex website, it connected
> success. It is strange.

 Does B use :
  
  never_direct allow all
 
 in it's conf, in order to kind of always force
 parent usage ?

 M.

>
> Squid version : Version 2.4.STABLE7 (A,B)
>
> Part of squid.conf for server A
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1
> acl local_src_net src 140.138.0.0/255.255.0.0
> acl ICQ dstdomain login.icq.com
> acl SSL_ports port 443
> acl SSL_ports port 563
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443
> acl Safe_ports port 563
> acl Safe_ports port 70
> acl Safe_ports port 1025-65535
> acl CONNECT method CONNECT
> acl deny_sex dstdom_regex foo.com
> http_access Deny deny_sex
> http_access Allow localhost
> http_access Allow local_src_net
> http_access Deny !Safe_ports
> http_access Deny CONNECT !SSL_ports
> http_access Deny all
>
> Best Regards,
> Yung-Mu armor Chen,
> Network Lab.
> Dept. of Computer Science & Engineering.
> Yuan-Ze University.

-- 
 'Love is truth without any future.
 (M.E. 1997)
Received on Fri Apr 25 2003 - 05:42:54 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:30 MST