>
>
>>>> Joost de Heer<sanguis@xs4all.nl> 8/2/05 7:17:23 AM >>>
>Joe Acquisto said:
>> Still chasing getting PC restrictions to work.
>>
>> I just don't get it. I have acl's defined, and I can see it checking
>> them, in the cache.log. However, it seems it is hosing up on the IP
>> check. Always seems to be checking "127.0.0.1" instead of the actual
>> connection's IP.
>>
>> Below is an example from the log:
>>
>> 2005/08/01 14:54:56| aclCheck: checking 'http_access allow JOESPC LETIN1'
>> 2005/08/01 14:54:56| aclMatchAclList: checking JOESPC
>> 2005/08/01 14:54:56| aclMatchAcl: checking 'acl JOESPC src 192.168.0.16'
>> 2005/08/01 14:54:56| aclMatchIp: '127.0.0.1' NOT found
>> 2005/08/01 14:54:56| aclMatchAclList: returning 0
>
>Are you testing from the machine the proxy is on? What IP address did you
>use for proxy configuration in the browser?
>
>Joost
>
In this case, I was testing from another PC while also watching the log. The browser is pointed at the actual IP of the squid box, port 8080.
Oops? I forgot to mention, or consider, that I am running DansGuardian on this box also, so it talks to squid. Makes sense, then that it thinks 127.0.0.1 is the src address.
Yes. Big Oops. Just turned off DG and changed the browsers proxy port to 3128 and the log shows it matched correctly and, of course, blocked access.
So, Thanks for the triggering thought.
Now, tho, how to impliment the time restrictions. Time to review the DG docs, I guess? Back to the drawing board.
Thanks again.
joea
Received on Tue Aug 02 2005 - 06:51:51 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:01 MDT