Re: [squid-users] Squid 2.5S2 - ACL problem

HEllo,

yahoo also uses other url's then those you gave, and that's not allowed in your
setup. (for example banners etc)
You should increase your debug_options and check the cache.log file which page
is blocked.

rgrds,

        Bart

Quoting Balzi Andrea <andrea.balzi@rinascente.cc>:

> Hi!
>
> In the "dominiautorizzati" ACL I have inserted some domains:
>
> it.yahoo.com
> .yahoo.it
> it.rd.yahoo.com
> it.search.yahoo.com
>
> When a user tries to make a search through Yahoo Italy receives a denied
> access.
> For the problem with Yahoo Italy I have tried also to put yahoo.com, but
> the problems remains.
> If the user uses one of the other site of Yahoo there aren't problems.
> The other "dominiautorizzati" domains in do not have the same problem.
> I have controlled that in the other ACL it did not appear the domains of
> Yahoo.
>
> How I can resolve the problem?
>
> We have the follow acl:
>
> #Access Control List
> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl ipunico max_user_ip -s 1
> acl password proxy_auth_regex -i
> "/usr/share/squid/blacklists/interne/utenti"
> acl dominigruppo dstdomain "/etc/squid/blacklists/interne/dominigruppo"
> acl urlbloccate url_regex -i "/etc/squid/blacklists/interne/urlbloccate"
> acl domregexbloccati dstdom_regex -i
> "/etc/squid/blacklists/interne/domregexbloccati"
> acl dominibloccati dstdomain "/etc/squid/blacklists/interne/dominibloccati"
> acl dominiautorizzati dstdomain
> "/etc/squid/blacklists/interne/dominiautorizzati"
> acl urlnocache url_regex -i "/etc/squid/blacklists/interne/urlnocache"
> acl ads_domains dstdom_regex "/usr/share/squid/blacklists/ads/domains"
> acl aggressive_domains dstdom_regex
> "/usr/share/squid/blacklists/aggressive/domains"
> acl audio-video_domains dstdom_regex
> "/usr/share/squid/blacklists/audio-video/domains"
> acl drugs_domains dstdom_regex "/usr/share/squid/blacklists/drugs/domains"
> acl gambling_domains dstdom_regex
> "/usr/share/squid/blacklists/gambling/domains"
> acl hacking_domains dstdom_regex
> "/usr/share/squid/blacklists/hacking/domains"
> acl mail_domains dstdom_regex "/usr/share/squid/blacklists/mail/domains"
> acl porn_domains dstdom_regex "/usr/share/squid/blacklists/porn/domains"
> acl proxy_domains dstdom_regex "/usr/share/squid/blacklists/proxy/domains"
> acl violence_domains dstdom_regex
> "/usr/share/squid/blacklists/violence/domains"
> acl warez_domains dstdom_regex "/usr/share/squid/blacklists/warez/domains"
> acl QUERY urlpath_regex -i cgi-bin .cgi
> acl METHOD method CONNECT POST
> acl ssl proto HTTPS
>
> #Regole
> http_access deny ipunico
> http_access allow dominigruppo
> http_access deny ads_domains
> http_access deny aggressive_domains
> http_access deny audio-video_domains
> http_access deny drugs_domains
> http_access deny gambling_domains
> http_access deny hacking_domains
> http_access deny mail_domains
> http_access deny porn_domains
> http_access deny proxy_domains
> http_access deny violence_domains
> http_access deny warez_domains
> http_access allow dominiautorizzati
> http_access deny urlbloccate
> http_access deny domregexbloccati
> http_access deny dominibloccati
> http_access allow password
> http_access allow localhost
> http_access deny all
> no_cache deny QUERY
> no_cache deny urlnocache
> no_cache deny METHOD
> no_cache deny ssl
>
>

Schelstraete Bart
bart@schelstraete.org - http://www.schelstraete.org
          http://langmixer.mozdev.org
Received on Wed Jul 09 2003 - 04:09:14 MDT