Re: [squid-users] acl dstdomains does not block!

From: Leslie Jensen <leslie_at_eskk.nu>
Date: Mon, 06 Apr 2009 17:28:03 +0200

> 2009/4/6 Leslie Jensen <leslie_at_eskk.nu>
>>
>>> Leslie Jensen wrote:
>>>> Hello
>>>>
>>>> My Proxy, Squid-3.0.13 on FreeBSD 7.1-RELEASE-p4, is running fine but I
>>>> can't get the following to work.
>>>> # acl blocked_sites dstdomain .aftonbladet.se.
>>>> acl blocked_sites dstdomain "/usr/local/etc/squid/dstdomain"
>>>> deny_info ERR_ACCESS_DENIED blocked_sites
>>>> http_access deny blocked_sites
>>>>
>>>> I've tried both to list the domain in squid.conf and in the file
>>>> "/usr/local/etc/squid/dstdomain"
>>>> None of the options seems to work, no blocking occurs. If I put in the
>>>> complete path to the ERR_ACCESS_DENIED, I get an error when I do squid
>>>> -NCd1
>>>> I suspect that maybe the order of the acl's can affect but I need some
>>>> help to diagnose the problem.
>>> Yes order is important. Squid processes http_access top-down and first
>>> match wins.
>>> ERR_ACCESS_DENIED is the default page displayed for "http_access deny".
>>> You don't have to specify its use.
>>> Amos
>>> --
>> Do I dare ask if someone will take a look at my conf file?
>>
>> I think I'm going blind looking at my rules! I believe I've done it right,
>> but obviously I have not. I need the acl dstdomain to work and I can't see
>> where I'm wrong.
>>
>> I've tried to define only one domain and I've tried with a file with domain
>> names, none of them seem to work.
>>
>> I've also considered the order of my rules but I can't get it to work.
>>
>> Please help! Thanks
>>
>> /Leslie
>>
>>
>> ----------------- snip -----------------

>>
>> ----------------- snip -----------------
>>

Bharath Raghavendran wrote:
> Were you testing it with a non-localhost client? The only line I can
> see that can affect it is
> "http_access allow localhost" .. which means localhost gets access
> irrespective of the http_access directives that come after this one.
>
> btw, although this is not related to the problem, you have
> "http_access deny all" after "http_access deny blockedlist" ... which
> means even if request isn't in blockedlist, yet it will be denied ...
> which kind of makes blockedlist acl useless .. probably you didn't intend
> that.
>
> -Bharath
>

I'm testing with a host on localnet.

No, you are right, I did not intend that. How do you suggest I go about
configuring so that the localnet is affected by the acl blockedlist?

/Leslie
Received on Mon Apr 06 2009 - 15:28:13 MDT
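
Added example, not part of the original thread: a small Python model of the top-down, first-match-wins http_access evaluation described in the quoted replies, together with Squid's leading-dot dstdomain matching. The ACL networks, client address and both rule orders are constructed for illustration; they are not the squid.conf that was snipped from this message.

```python
# Added illustration, not code from the thread: a minimal model of how Squid
# evaluates http_access. Networks, addresses and rule orders are constructed.
import ipaddress

ACLS = {  # name -> (acl type, values); sample values only
    "localhost": ("src", ["127.0.0.1/32"]),
    "localnet": ("src", ["192.168.0.0/16"]),
    "all": ("src", ["0.0.0.0/0"]),
    "blocked_sites": ("dstdomain", [".aftonbladet.se"]),
}

def dstdomain_match(host, patterns):
    """'.example.com' matches the domain and its subdomains;
    'example.com' (no leading dot) matches that exact host only."""
    host = host.lower()
    for pat in (p.lower() for p in patterns):
        if pat.startswith("."):
            if host == pat[1:] or host.endswith(pat):
                return True
        elif host == pat:
            return True
    return False

def acl_match(name, client_ip, host):
    kind, values = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    return dstdomain_match(host, values)

def http_access(rules, client_ip, host):
    """Check rules top-down; the first line whose ACLs all match decides."""
    for action, *names in rules:
        if all(acl_match(n, client_ip, host) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Order 1: the allow lines come first, so the deny line is never reached
# for localhost or localnet clients.
ALLOW_FIRST = [("allow", "localhost"), ("allow", "localnet"),
               ("deny", "blocked_sites"), ("deny", "all")]
# Order 2: the deny line comes first, so it applies to every client.
DENY_FIRST = [("deny", "blocked_sites"), ("allow", "localhost"),
              ("allow", "localnet"), ("deny", "all")]

if __name__ == "__main__":
    for label, rules in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        print(label, http_access(rules, "192.168.1.20", "www.aftonbladet.se"))
```

With the deny line placed first, a localnet client is refused the blocked domain but still reaches other sites, while clients outside the allowed networks fall through to the final deny.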
