Re: [squid-users] ACLs

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 03 Apr 2009 22:52:20 +1300

Merdouille wrote:
> I used :
>
> http_access allow manager localhost
> http_access allow localnet PROTO METHOD
> http_access deny all !port
>
> I try to add deny_info options :
> deny_info TCP_RESET !manager !localhost
> deny_info TCP_RESET !localnet
> deny_info TCP_RESET !all
>
> or
>
> deny_info TCP_RESET manager localhost
> deny_info TCP_RESET localnet
> deny_info TCP_RESET all
>
>
> But I always have an error message "Access control configuration prevents
> your request from
> being allowed at this time. Please contact your service provider if
> you feel this is incorrect.
> etc"
> Instead of an effective TCP_reset

deny_info requires a single ACL name.

When the ACL with that name is the last on the http_access line doing a
"deny" action, the deny_info page/action will be given.

None of your ACLs listed for deny_info are the last on their lines.
Only 'port' is on a line doing deny.

Please note that TCP_RESET when used will not prevent abusive hosts, but
risks a mini DDoS against yourself as clients attempt to reconnect the
failed link. Use carefully.

If I may say so you have the weirdest config I've seen in months. What
exactly are you trying to do with your Squid?

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.6
Received on Fri Apr 03 2009 - 09:52:27 MDT
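
The rule from the reply above, applied to the directives quoted from the original post. This is an added example, not part of the original message and not Squid's own code: a small Python checker that flags deny_info lines which can never take effect. The function names are hypothetical, and stripping a leading `!` to get the ACL name (as the reply does for 'port') is an assumption of this example.

```python
# Constructed sample: the directives quoted in the message above.
SAMPLE_CONF = """\
http_access allow manager localhost
http_access allow localnet PROTO METHOD
http_access deny all !port
deny_info TCP_RESET !manager !localhost
deny_info TCP_RESET localnet
deny_info TCP_RESET all
"""

def parse(conf):
    """Split squid.conf text into http_access rules and deny_info entries."""
    rules, infos = [], []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(tokens) >= 3 and tokens[0] == "http_access":
            rules.append((lineno, tokens[1], tokens[2:]))
        elif len(tokens) >= 2 and tokens[0] == "deny_info":
            infos.append((lineno, tokens[1], tokens[2:]))
    return rules, infos

def usable_names(conf):
    """Map each ACL that is last on a deny line to that line's number."""
    rules, _ = parse(conf)
    # Assumption: a leading '!' is stripped to obtain the ACL name.
    return {acls[-1].lstrip("!"): n for n, action, acls in rules if action == "deny"}

def check_deny_info(conf):
    """Return (lineno, status, detail) for every deny_info line.

    Rule from the reply: deny_info takes a single ACL name, and it is only
    used when that ACL is the last one on an http_access deny line.
    """
    _, infos = parse(conf)
    deny_last = usable_names(conf)
    report = []
    for lineno, _page, acls in infos:
        if len(acls) != 1 or acls[0].startswith("!"):
            report.append((lineno, "invalid", "needs exactly one plain ACL name"))
        elif acls[0] in deny_last:
            report.append((lineno, "effective", f"matches deny rule on line {deny_last[acls[0]]}"))
        else:
            report.append((lineno, "unused", f"'{acls[0]}' is not last on any deny line"))
    return report

if __name__ == "__main__":
    for row in check_deny_info(SAMPLE_CONF):
        print(*row)
    print("usable ACL names:", sorted(usable_names(SAMPLE_CONF)))
```
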
