On Sunday 03 August 2003 19.17, ads squid wrote:
> This is my acl code.
>
> ####
> acl localnet src 192.168.0.0/255.255.255.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl Safe_ports port 80 443 210 119 70 20 21 1025-65535
> acl CONNECT method CONNECT
> acl all src 0.0.0.0/0.0.0.0
>
> http_access allow localnet
> http_access allow localhost
These two does not belong here... should be last, just before "deny
all". http_access stops at the first matching line, anything beyond
that line is ignored.
> http_access deny !Safe_ports
>
> acl losers src 192.168.0.0/255.255.255.0
> acl 4CONN maxconn 4
> http_access deny 4CONN losers
>
> acl STOP1 src 192.168.0.23
> acl WORKING time MTWHF 09:30-22:38
> acl SITE dstdomain www.xyz.com
>
> http_access deny STOP1 WORKING SITE
> http_access deny CONNECT
> http_access deny all
> ######
>
> When I reconfigure Squid.
> I get following error.
>
> ]# /usr/local/squid/sbin/squid -k reconfigure
> 2003/08/03 22:46:44| WARNING: '192.168.0.23' is a subnetwork of
> '192.168.0.23' 2003/08/03 22:46:44| WARNING: because of this
> '192.168.0.23' is ignored to keep splay tree searching predictable
> 2003/08/03 22:46:44| WARNING: You should probably remove
> '192.168.0.23' from the ACL named 'STOP1' 2003/08/03 22:46:44|
> WARNING: 'www.xyz.com' is a subdomain of 'www.xyz.com' 2003/08/03
> 22:46:44| WARNING: because of this 'www.xyz.com' is ignored to keep
> splay tree searching predictable 2003/08/03 22:46:44| WARNING: You
> should probably remove 'www.xyz.com' from the ACL named 'SITE'
Appears you have acl definitions of STOP1 and SITE twice in your
configuration file.
Regards
Henrik
Received on Sun Aug 03 2003 - 12:31:31 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:33 MST