RE: [squid-users] RE: Re: Allow connect specify https website

From: Niti Lohwithee <nitil@dont-contact.us>
Date: Fri, 25 Jun 2004 10:02:05 +0700

Niti Lohwithee wrote:

> Adam Aube wrote:

>> Fix the SSL_Ports acl line. If it still doesn't work, post your
>> entire squid.conf (without blank lines or comments).

> I am really sorry for the above squid configuration. In fact, my squid
> box has a correct [acl SSL_Ports port 443] but http_access doesn't
> work.

> Any advice?

Re-read the portion of my reply I quoted above.

Adam

Squid configuration

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl scb_port port 9000 443 563 # scb port 9000
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl NationWeb_ports port 700 # nation web site use to send online data
acl http7779_port port 7779 # for access www.dbd.go.th
acl CONNECT method CONNECT
#######################
#Access List for policy
#######################
acl bothost dstdomain "/usr/local/squid/etc/filter_bot_domain.txt"
acl filter_local_domain dstdomain "/usr/local/squid/etc/filter_local_domain.txt"
acl filter_dmz_domain dstdomain "/usr/local/squid/etc/filter_dmz_domain.txt"
acl filter_special_domain dstdomain "/usr/local/squid/etc/filter_special_domain.txt"
acl filter_intranet_host dst "/usr/local/squid/etc/filter_intranet_host.txt"
acl filter_pager_domain dstdomain "/usr/local/squid/etc/filter_pager_domain.txt"
acl filter_pager_host dst "/usr/local/squid/etc/filter_pager_host.txt"
acl dataone dst "/usr/local/squid/etc/dataone.txt"
acl filter_pager_url url_regex "/usr/local/squid/etc/filter_pager_url.txt"
acl ais900 url_regex ^http://www.ais900.com/vas
acl ais900path urlpath_regex \.gif$
acl filter_x_domain dstdomain "/usr/local/squid/etc/filter_x_domain.txt"
acl filter_x_domain2 dstdomain "/usr/local/squid/etc/filter_x_domain2.txt"
acl host_allowed src "/usr/local/squid/etc/host_allowed.txt"
acl host_secureid src "/usr/local/squid/etc/host_secureid.txt"
acl host_cho src "/usr/local/squid/etc/host_cho.txt"
acl host_special src "/usr/local/squid/etc/host_special.txt"
acl filter_spedia_user src "/usr/local/squid/etc/filter_spedia_user.txt"
acl filter_badip src "/usr/local/squid/etc/filter_badip.txt"
########### Add acl at here ########################
acl special_domain dstdomain "/usr/local/squid/etc/allow_ssl.txt
#################################################
acl passwd proxy_auth REQUIRED
acl userbot proxy_auth sctbot
acl user_scb proxy_auth "/usr/local/squid/etc/filter_scb_user.txt"
acl worktime time 07:30-16:30
acl sunday time S
acl saturday time A
acl service_ftp proto FTP

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access allow scb_port user_scb
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow NationWeb_ports

http_access allow filter_local_domain
http_access allow filter_special_domain
http_access allow filter_intranet_host
http_access allow filter_pager_domain
http_access allow filter_pager_host
http_access allow dataone
http_access allow filter_pager_url
http_access allow ais900 ais900path
http_access deny filter_x_domain
http_access deny filter_x_domain2
http_access deny filter_spedia_user
http_access deny filter_badip
http_access allow host_secureid
http_access allow host_special
############ Add http access at here#####
http_access deny SSL_Ports !special_domain
#####################################
http_access deny !bothost userbot
http_access allow host_allowed passwd
http_access deny all

File [special_domain.txt]
    .tac.co.th
File [host_allow.txt ]
   all Intranet ip address

Any advice?

Regards and Thank you in advance
Niti
Received on Thu Jun 24 2004 - 20:59:56 MDT
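
Squid checks http_access lines top to bottom and the first line whose ACLs all match decides, so where a deny line sits relative to the allow lines matters. The following is an added example, not part of the original message or of Squid itself: a small Python model of that evaluation over a subset of the posted rules, with constructed client addresses (192.0.2.x), a constructed user name, and a hypothetical reordered rule list.

```python
# Model of Squid http_access evaluation: lines are checked top to bottom, all
# ACLs on a line must match (AND), and the first matching line decides.
# ACL names follow the posted squid.conf; addresses and users are constructed.

def dstdomain(patterns):
    """A leading dot matches the domain itself and every subdomain."""
    def match(req):
        host = req["host"].lower()
        return any(host == p.lstrip(".") or (p.startswith(".") and host.endswith(p))
                   for p in patterns)
    return match

ACLS = {
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "SSL_ports": lambda r: r["port"] in (443, 563),
    # Subset of the posted Safe_ports list, enough for this model.
    "Safe_ports": lambda r: r["port"] in (80, 21, 443, 563) or r["port"] >= 1025,
    "special_domain": dstdomain([".tac.co.th"]),                # entry from the post
    "host_special": lambda r: r["src"] == "192.0.2.5",          # constructed
    "host_allowed": lambda r: r["src"].startswith("192.0.2."),  # constructed
    "passwd": lambda r: r["user"] is not None,                  # proxy_auth REQUIRED
    "all": lambda r: True,
}

def decide(rules, req):
    for action, *names in (line.split() for line in rules):
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    raise ValueError("no rule matched; both rule lists end in 'deny all'")

# Relevant http_access lines in the order posted (one ACL spelling used throughout).
POSTED = [
    "deny !Safe_ports",
    "deny CONNECT !SSL_ports",
    "allow host_special",
    "deny SSL_ports !special_domain",
    "allow host_allowed passwd",
    "deny all",
]
# Hypothetical reordering: the domain restriction sits above every allow line.
RESTRICT_FIRST = POSTED[:2] + ["deny CONNECT !special_domain"] + [
    r for r in POSTED[2:] if r != "deny SSL_ports !special_domain"]

def connect(src, host, user="constructed-user"):
    return {"method": "CONNECT", "port": 443, "src": src, "host": host, "user": user}

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("restrict first", RESTRICT_FIRST)):
        for src, host in (("192.0.2.5", "www.example.com"), ("192.0.2.9", "www.example.com"),
                          ("192.0.2.9", "www.tac.co.th")):
            print(name, src, host, decide(rules, connect(src, host)))
```

In the model, a client matched by an allow line that precedes the domain deny (host_special here) reaches any HTTPS site under the posted order and is stopped once the restriction is moved above the allow lines.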
