Re: [squid-users] Possible regressions in dstdom_regex based matching

From: Chris Robertson <crobertson_at_gci.net>
Date: Thu, 08 Jan 2009 11:28:17 -0900

Sameer Naik wrote:
> Hi,
> I have created a filter file named block.lst with the following contents
>
> /youtube.
> /orkut.
> /songs.pk
> /senduit.
>
> I have created an acl based on the domain regex for the above filter by
> specifying the following rule in the squid.conf
>
> acl list_blocked dstdom_regex "/squid/lists/block.lst"
>
> to block all users from accessing the domains specified in the above list, i
> have specified the following rule in squid.conf
>
> http_access deny all list_blocked
>
> As a result of the above changes, access to http://www.youtube.com,
> http://youtube.com, http://www.orkut.com and http://orkut.com is restricted,
>

Are you sure these are being blocked by the "list_blocked" ACL? If you
really start the lines with a forward slash,. there is no way it's going
to match "www.youtube.com". As an aside, is there a reason you aren't
using dstdomain acls? Preface the domain with a dot (e.g.
".youtube.com") and it will match in a regex like fashion.

> But however, http://www.songs.pk and http://songs.pk remains accessible and at
> the same time http://www.senduit.com remains accessible while
> http://senduit.com becomes restricted.
>
> I see similar issues with a couple of domains. I really have no clue why this
> is happening. I am using squid3-STABLE11 and have seen these issues in earlier
> versions as well.
>

In your squid.conf, set "debug_options ALL,1 28,3", reconfigure squid
and tail your cache.log. That might give you a better idea of what's
going on.

> Please let me know if theres something wrong with what i am doing.
>
> Regards
> ~Sameer
>

Chris
Received on Thu Jan 08 2009 - 20:26:33 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 09 2009 - 12:00:02 MST