Re: [squid-users] Possible regressions in dstdom_regex based matching from Sameer Naik on 2009-01-09 (squid-users)

From: Sameer Naik <sameer.subscriptions_at_damagehead.com>
Date: Sat, 10 Jan 2009 12:29:49 +0530

On Friday 09 January 2009 1:58:17 am Chris Robertson wrote:
> Sameer Naik wrote:
> > Hi,
> > I have created a filter file named block.lst with the following contents
> >
> > /youtube.
> > /orkut.
> > /songs.pk
> > /senduit.
> >
> > I have created an acl based on the domain regex for the above filter by
> > specifying the following rule in the squid.conf
> >
> > acl list_blocked dstdom_regex "/squid/lists/block.lst"
> >
> > to block all users from accessing the domains specified in the above
> > list, i have specified the following rule in squid.conf
> >
> > http_access deny all list_blocked
> >
> > As a result of the above changes, access to http://www.youtube.com,
> > http://youtube.com, http://www.orkut.com and http://orkut.com is
> > restricted,
>
> Are you sure these are being blocked by the "list_blocked" ACL? If you
> really start the lines with a forward slash,. there is no way it's going
> to match "www.youtube.com". As an aside, is there a reason you aren't
> using dstdomain acls? Preface the domain with a dot (e.g.
> ".youtube.com") and it will match in a regex like fashion.
>
sorry my bad, its actually a back slash not forward slash. The reason i am
using dstdom_regex is say if i enter
\yahoo.
this will block all yahoo domains like yahoo.com, yahoo.co.in, yahoo.kr and so
on.

> > But however, http://www.songs.pk and http://songs.pk remains accessible
> > and at the same time http://www.senduit.com remains accessible while
> > http://senduit.com becomes restricted.
> >
> > I see similar issues with a couple of domains. I really have no clue why
> > this is happening. I am using squid3-STABLE11 and have seen these issues
> > in earlier versions as well.
>
> In your squid.conf, set "debug_options ALL,1 28,3", reconfigure squid
> and tail your cache.log. That might give you a better idea of what's
> going on.
>
> > Please let me know if theres something wrong with what i am doing.
> >
> > Regards
> > ~Sameer
>
> Chris
Received on Sat Jan 10 2009 - 07:00:35 MST

This archive was generated by hypermail 2.2.0 : Sat Jan 10 2009 - 12:00:02 MST