Re: [squid-users] Questions on "http_access deny" and TCP_DENIED

From: Steve Snyder <swsnyder@dont-contact.us>
Date: Sat, 26 Jul 2003 10:35:41 -0700

On Saturday 26 July 2003 10:10 am, Henrik Nordstrom wrote:
> On Saturday 26 July 2003 05.37, Steve Snyder wrote:
> > Well, I don't see any reason for the delay. Here's all the
> > "http_access" references I've got. Note that the logged TCP_DENIED
> > I posted previously are the result of the 2nd "http_access" in
> > this list:
> >
> > http_access deny xupiter
>
> How is xupiter defined?

These are the lines I added to the default acl/http_access rules in
squid.conf:

  acl snydernet src 192.168.0.0/255.255.255.0
  acl xupiter dstdomain .xupiter.com
  acl imrworldwide dstdomain .imrworldwide.com
  acl hotbar dstdomain .hotbar.com
  http_access deny xupiter
  http_access deny imrworldwide
  http_access deny hotbar
  http_access allow snydernet

> Do you have any http_reply_access rules?

Just the one from the default 2.5 squid.conf:

  http_reply_access allow all

> Does your Squid have any add-on patches from other vendors?

No, just the Squid 2.5S3 tarball + patches. The executables are built by
RedHat Package Manager on a RHL v7.3 system (all RH patches applied) with
this config:

%configure \
   --exec_prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid \
   --localstatedir=/var --sysconfdir=/etc/squid \
   --enable-removal-policies="heap,lru" \
   --enable-storeio="aufs,coss,diskd,ufs" --enable-ssl \
   --with-openssl=/usr/kerberos \
   --enable-linux-netfilter \
   --with-pthreads \
   --enable-basic-auth-helpers="LDAP,NCSA,PAM,SMB,SASL,MSNT" \
   --enable-ntlm-auth-helpers="SMB,winbind" \
   --enable-external-acl-helpers="ip_user,ldap_group,unix_group,wbinfo_group,winbind_group" \
   --enable-err-languages=English

Hmmm... I just had a thought (whoa!). I am using the Adzapper
(squid_redirect) redirector. Do redirectors get a requested URL before
the access rules are applied?

Thanks for the response.
Received on Sat Jul 26 2003 - 11:35:48 MDT
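
The following is an added example, not part of the original message or of Squid itself: a small Python model of how the posted `acl`/`http_access` lines are evaluated in order, with the first matching line deciding the request. It covers only the lines quoted above (not the rest of the default squid.conf), and the function names `acl_matches` and `evaluate` are hypothetical.

```python
import ipaddress

# ACLs and rule order copied from the squid.conf lines in the message above.
ACLS = {
    "snydernet": ("src", "192.168.0.0/255.255.255.0"),
    "xupiter": ("dstdomain", ".xupiter.com"),
    "imrworldwide": ("dstdomain", ".imrworldwide.com"),
    "hotbar": ("dstdomain", ".hotbar.com"),
}
HTTP_ACCESS = [
    ("deny", "xupiter"),
    ("deny", "imrworldwide"),
    ("deny", "hotbar"),
    ("allow", "snydernet"),
]

def acl_matches(name, client_ip, host):
    """Hypothetical helper: test one named ACL against a request."""
    kind, value = ACLS[name]
    if kind == "src":
        # ip_network accepts the address/netmask form used in squid.conf
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(value)
    # dstdomain: a leading dot matches the domain itself and all subdomains.
    # Simplification: hosts given as IP addresses are not reverse-resolved.
    host = host.lower().rstrip(".")
    domain = value.lstrip(".").lower()
    if value.startswith("."):
        return host == domain or host.endswith("." + domain)
    return host == domain

def evaluate(client_ip, host):
    """Return (action, deciding_rule); the first matching line wins."""
    for action, acl in HTTP_ACCESS:
        if acl_matches(acl, client_ip, host):
            return action, f"http_access {action} {acl}"
    # No line matched: Squid applies the opposite of the last line's action.
    last = HTTP_ACCESS[-1][0]
    return ("deny" if last == "allow" else "allow"), "implicit default"

if __name__ == "__main__":
    # Constructed sample requests (client IP, destination host)
    for ip, host in [("192.168.0.10", "www.xupiter.com"),
                     ("192.168.0.10", "www.squid-cache.org"),
                     ("10.1.1.1", "www.squid-cache.org")]:
        print(ip, host, *evaluate(ip, host))
```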
