Re: [squid-users] acl list bypass

Thanks. It works.

Best Regards,
Yung-Mu armor Chen,
Network Lab.
Dept. of Computer Science & Engineering.
Yuan-Ze University.
----- Original Message -----
From: "Marc Elsen" <marc.elsen@imec.be>
To: "Y.M.Chen" <armor@linux.netlab.cse.yzu.edu.tw>
Cc: <squid-users@squid-cache.org>
Sent: Friday, April 25, 2003 7:42 PM
Subject: Re: [squid-users] acl list bypass

>
>
> "Y.M.Chen" wrote:
> >
> > Dear all,
> >
> > I have two squid proxy servers A,B. A is a backbone proxy and B is a
> > departmental proxy. That means A is a parent of B. I set some acls for
deny
> > sex website in the server A. When I test those acls by set proxy A in my
IE
> > and connect to sex website, the proxy A shown access deny. It work.
However,
> > when I set proxy B in my IE and connect to sex website, it connected
> > success. It is strange.
>
> Does B use :
>
> never_direct allow all
>
> in it's conf, in order to kind of always force
> parent usage ?
>
> M.
>
> >
> > Squid version : Version 2.4.STABLE7 (A,B)
> >
> > Part of squid.conf for server A
> >
> > acl all src 0.0.0.0/0.0.0.0
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1
> > acl local_src_net src 140.138.0.0/255.255.0.0
> > acl ICQ dstdomain login.icq.com
> > acl SSL_ports port 443
> > acl SSL_ports port 563
> > acl Safe_ports port 80
> > acl Safe_ports port 21
> > acl Safe_ports port 443
> > acl Safe_ports port 563
> > acl Safe_ports port 70
> > acl Safe_ports port 1025-65535
> > acl CONNECT method CONNECT
> > acl deny_sex dstdom_regex foo.com
> > http_access Deny deny_sex
> > http_access Allow localhost
> > http_access Allow local_src_net
> > http_access Deny !Safe_ports
> > http_access Deny CONNECT !SSL_ports
> > http_access Deny all
> >
> > Best Regards,
> > Yung-Mu armor Chen,
> > Network Lab.
> > Dept. of Computer Science & Engineering.
> > Yuan-Ze University.
>
> --
>
> 'Love is truth without any future.
> (M.E. 1997)
>
Received on Sun Apr 27 2003 - 03:09:33 MDT