Re: [squid-users] Two-Three ACL combination syntax. from ads squid on 2003-08-04 (squid-users)

From: ads squid <adssquid@dont-contact.us>
Date: Sun, 3 Aug 2003 23:09:57 -0700 (PDT)

I have done as directed but no success.
I think I am restricting access with

acl STOP1 src 192.168.0.42
acl WORKING time MTWHF 09:30-11:48
acl SITE dstdomain www.xyz.com
http_access deny STOP1 WORKING SITE

and allowing access with

http_access allow localnet

Is it the issue? If so how to slove.

Thanks

--- Henrik Nordstrom <hno@squid-cache.org> wrote:
> On Sunday 03 August 2003 19.17, ads squid wrote:
> > This is my acl code.
> >
> > ####
> > acl localnet src 192.168.0.0/255.255.255.0
> > acl localhost src 127.0.0.1/255.255.255.255
> > acl Safe_ports port 80 443 210 119 70 20 21
> 1025-65535
> > acl CONNECT method CONNECT
> > acl all src 0.0.0.0/0.0.0.0
> >
> > http_access allow localnet
> > http_access allow localhost
>
> These two does not belong here... should be last,
> just before "deny
> all". http_access stops at the first matching line,
> anything beyond
> that line is ignored.
>
> > http_access deny !Safe_ports
> >
> > acl losers src 192.168.0.0/255.255.255.0
> > acl 4CONN maxconn 4
> > http_access deny 4CONN losers
> >
> > acl STOP1 src 192.168.0.23
> > acl WORKING time MTWHF 09:30-22:38
> > acl SITE dstdomain www.xyz.com
> >
> > http_access deny STOP1 WORKING SITE
> > http_access deny CONNECT
> > http_access deny all
> > ######
> >
> > When I reconfigure Squid.
> > I get following error.
> >
> > ]# /usr/local/squid/sbin/squid -k reconfigure
> > 2003/08/03 22:46:44| WARNING: '192.168.0.23' is a
> subnetwork of
> > '192.168.0.23' 2003/08/03 22:46:44| WARNING:
> because of this
> > '192.168.0.23' is ignored to keep splay tree
> searching predictable
> > 2003/08/03 22:46:44| WARNING: You should probably
> remove
> > '192.168.0.23' from the ACL named 'STOP1'
> 2003/08/03 22:46:44|
> > WARNING: 'www.xyz.com' is a subdomain of
> 'www.xyz.com' 2003/08/03
> > 22:46:44| WARNING: because of this 'www.xyz.com'
> is ignored to keep
> > splay tree searching predictable 2003/08/03
> 22:46:44| WARNING: You
> > should probably remove 'www.xyz.com' from the ACL
> named 'SITE'
>
>
> Appears you have acl definitions of STOP1 and SITE
> twice in your
> configuration file.
>
> Regards
> Henrik
>

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

application/octet-stream attachment: squid.conf

Received on Mon Aug 04 2003 - 00:10:07 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:33 MST