RE: [squid-users] ACL named "all"

From: Jorge Bastos <mysql.jorge_at_decimal.pt>
Date: Sat, 26 Jul 2008 13:20:46 +0100

Thanks both,

In fact there was an acl all lost in the config file; it was there since the 2.x
version. I think in the 2.x version there was an acl all by default.

Ok it's solved :)

Jorge

> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Saturday, 26 July 2008 6:11
> To: Leonardo Rodrigues Magalhães
> Cc: ML squid
> Subject: Re: [squid-users] ACL named "all"
>
> Leonardo Rodrigues Magalhães wrote:
> >
> >
> > Jorge Bastos wrote:
> >> Hi people,
> >>
> >> Since the first 3.0 version I've noticed this:
> >> 2008/07/25 21:56:24| WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of
> >> '192.168.1.0/255.255.255.0'
> >> 2008/07/25 21:56:24| WARNING: because of this
> >> '192.168.1.0/255.255.255.0' is
> >> ignored to keep splay tree searching predictable
> >> 2008/07/25 21:56:24| WARNING: You should probably remove
> >> '0.0.0.0/0.0.0.0'
> >> from the ACL named 'all'
> >>
> >> But now I saw in the STABLE8 version changelog:
> >>         - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1
> >>
> >> So, how should I remove this warning?
> >>
> >>
> >
> >     In squid 3.0 the 'all' acl is built-in. So if you try to define it in
> > your squid.conf, then you'll be redefining an already defined ACL.
> >
> >     How to remove the warning? Simply remove the 'acl all src
> > 0.0.0.0/0.0.0.0' line from your squid.conf! Defining this ACL is no
> > longer necessary in squid 3.0 STABLE1 and newer.
> >
>
> Adding to that ... It looks like whoever configured your squid used
> 'all' (whole internet) when they really meant local-network. This has
> serious security implications, which is part of why it's now built-in.
>
> In addition to removing the all ACL definition from your squid.conf, you
> in particular need to audit your config access lines to make sure they
> still perform according to your policies.
>
> Amos
> --
> Please use Squid 2.7.STABLE3 or 3.0.STABLE8
Received on Sat Jul 26 2008 - 12:20:54 MDT
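
The audit recommended in the quoted reply can be started mechanically. The following is an added example, not part of the thread and not Squid's own tooling: it scans a squid.conf for leftover `acl all` definitions and for access lines that allow `all`, which under 3.0 means the whole internet. The sample configuration is constructed, and the function name `audit_all_acl` is hypothetical.

```python
# Constructed squid.conf fragment (not taken from the thread): a 2.x-era
# config where 'all' was defined as the local network.
SAMPLE_CONF = """\
# carried over from a 2.x install
acl all src 192.168.1.0/255.255.255.0
acl localnet src 192.168.1.0/255.255.255.0
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access allow all
icp_access allow localnet all
http_access deny all
"""


def audit_all_acl(conf_text):
    """Return (redefinitions, allow_lines) concerning the built-in 'all' ACL.

    redefinitions: (line number, text) of every 'acl all ...' line to delete.
    allow_lines:   (line number, directive, other ACLs on the line) for every
                   access rule that allows 'all' and so needs a policy review.
    Assumes '#' only ever starts a comment in this config.
    """
    redefinitions, allow_lines = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] == "acl":
            if len(tokens) >= 2 and tokens[1] == "all":
                redefinitions.append((lineno, " ".join(tokens)))
            continue
        # Access rules look like: <directive> [peer-name] allow|deny acl ...
        for i, tok in enumerate(tokens[1:3], 1):
            if tok in ("allow", "deny"):
                acls = tokens[i + 1:]
                if tok == "allow" and "all" in acls:
                    others = [a for a in acls if a != "all"]
                    allow_lines.append((lineno, tokens[0], others))
                break
    return redefinitions, allow_lines


if __name__ == "__main__":
    redefs, allows = audit_all_acl(SAMPLE_CONF)
    for lineno, text in redefs:
        print(f"line {lineno}: remove redefinition: {text}")
    for lineno, directive, others in allows:
        scope = "only " + ", ".join(others) if others else "UNRESTRICTED"
        print(f"line {lineno}: {directive} allows 'all' ({scope}); review")
```

A rule reported as unrestricted is the case to check first: if it was written when `all` meant the local network, it should name a local-network ACL instead.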
