On Tue, 24 Aug 2004 Jim_Brouse/PYT@PASCUAYAQUITRIBE.ORG wrote:
>
> egrep -v '^$|^#' /etc/squid.conf |grep http_access -i
> http_access allow manager localhost
> http_access deny manager
> http_access allow KIOSK KIOSK.dstdomain
Shouldn't there be a
http_access deny KIOSK
here?
If not, the KIOSK is allowed to access YAHOOMESSENGER, AOL, NONPORN and
maybe more.. (not all your acl names are obvious)
> http_access allow PAGING AIRMAIL
> http_access deny BLOCK.NOT.YAHOO YAHOOMESSENGER
> http_access allow YAHOOMESSENGER
> http_access deny AOL BLOCK.NOT.AOL
> http_access allow AOL
> http_access deny lab.dstdomain lab.src
> http_access allow guad.lab.src
> http_access allow LOG-ONLY-HOSTS
> http_access deny NO.NONBLOCK NONBLOCK
> http_access allow NONBLOCK
> http_access allow NONPORN
> http_access deny BLOCK
> http_access deny MIMEBLOCK
> http_access deny RESTRICTED-BROWSER
> http_access deny RESTRICTED-DOM
> http_access allow PERMITTED-HOSTS
You are aware that each allow you have above not combined with a src type
acl allows everyone in the whole world access to those sites?
> http_access allow manager ADMIN-HOSTS
> http_access deny manager
These two lines can never be reached. The first should be moved up to the
top, the second deleted.
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
These two should be before your very first allow rule.
> http_access deny to_localhost
Having this at the end makes no sense. Should be before where you allow
access as you can not deny what you have already allowed or the reverse.
> http_access deny all
Regards
Henrik
Received on Tue Aug 24 2004 - 15:09:06 MDT
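
The first-match behaviour behind the comments in the reply above, as an added example that is not part of the original message or of Squid. RULES copies the quoted http_access lines in the posted order; the function names, and passing in the set of ACL names a request matches instead of evaluating the ACLs themselves, are assumptions made for illustration.

```python
# Rules quoted in the message above, in the posted order.
RULES = """\
http_access allow manager localhost
http_access deny manager
http_access allow KIOSK KIOSK.dstdomain
http_access allow PAGING AIRMAIL
http_access deny BLOCK.NOT.YAHOO YAHOOMESSENGER
http_access allow YAHOOMESSENGER
http_access deny AOL BLOCK.NOT.AOL
http_access allow AOL
http_access deny lab.dstdomain lab.src
http_access allow guad.lab.src
http_access allow LOG-ONLY-HOSTS
http_access deny NO.NONBLOCK NONBLOCK
http_access allow NONBLOCK
http_access allow NONPORN
http_access deny BLOCK
http_access deny MIMEBLOCK
http_access deny RESTRICTED-BROWSER
http_access deny RESTRICTED-DOM
http_access allow PERMITTED-HOSTS
http_access allow manager ADMIN-HOSTS
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny all
"""

def parse(text):
    # -> [(action, [acl, ...]), ...], one entry per http_access line
    return [(p[1], p[2:]) for p in map(str.split, text.splitlines())
            if len(p) >= 3 and p[0].lower() == "http_access"]

def decide(rules, matched):
    # First rule whose ACLs all match wins. `matched` = ACL names true for the
    # request; "all" is always true, "!name" is true when name is not matched.
    def hit(acl):
        if acl.startswith("!"):
            return not hit(acl[1:])
        return acl == "all" or acl in matched
    for no, (action, acls) in enumerate(rules, 1):
        if all(hit(a) for a in acls):
            return no, action  # falls through to None if nothing matches

def unreachable(rules):
    # A rule can never fire if an earlier rule needs only a subset of its ACLs.
    return [j for j, (_, later) in enumerate(rules, 1)
            if any(set(e) <= set(later) for _, e in rules[:j - 1])]
```

Rule numbers are 1-based positions in RULES. The subset test is conservative: it flags only rules that are shadowed by ACL name alone, not ones shadowed because two differently named ACLs happen to overlap.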