Re: [squid-users] url blocking using url_regex not working on squid2.5

From: Chris Robertson <crobertson_at_gci.net>
Date: Tue, 01 Sep 2009 10:19:16 -0800

g f wrote:
> Hello all,
> I am running squid2.5STABLE14 on RHEL4.
> I am close to rolling out squid3 on debian but unfortunately I still
> need to support the above RHEL build.
> Redhat doesn't seem to have a 2.6 rpm for RHEL4 so I cannot go to 2.6.
>
> All is working fine but I need to implement url blocking.
> I followed docs and numerous posts to attempt to implement url
> blocking but squid just seems to ignore these acls.
>
> Here is a snippet of my config:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> acl our_networks src 10.150.15.0/24
> http_access allow our_networks
>

With this, you allow all traffic (that hasn't already been denied) from
10.150.15.0/24. For clients in this IP range, no more access rules will
be checked. Have a look at the FAQ
(http://wiki.squid-cache.org/SquidFaq/SquidAcl) for more.

> acl our_servers src 10.150.7.0/24
> http_access allow our_servers
> acl msn url_regex toyota
> http_access deny msn
>
> http_access allow localhost
> http_access deny all
> http_reply_access allow all
> icp_access allow all
>
>
> Now I also tried the following:
> acl msn dstdomain .toyota.com
> http_access deny msn
>
> acl msn_file url_regex "/etc/squid/blocker.txt"
> http_access deny msn_file
>
> I started squid using debug /usr/sbin/squid -NCd10 and get no errors.
> It seems to just ignore these acls.
>
> Any ideas?
> Thanks in advance.
> Graham
>

Chris
Received on Tue Sep 01 2009 - 18:19:38 MDT
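
Added example (not part of the original message and not Squid code): a small Python model of the first-match http_access evaluation described in the reply, run against the rule order as posted and against one possible reordering with the deny placed first. The reordering, the client address and the URLs are constructed assumptions; only the src and url_regex ACLs from the quoted config are modelled, since a plain HTTP request to port 80 does not match the earlier manager, Safe_ports or CONNECT rules.

```python
import ipaddress
import re

# ACL definitions copied from the quoted config (src and url_regex only).
ACLS = {
    "our_networks": ("src", "10.150.15.0/24"),
    "our_servers": ("src", "10.150.7.0/24"),
    "msn": ("url_regex", "toyota"),
    "localhost": ("src", "127.0.0.1/32"),
    "all": ("src", "0.0.0.0/0"),
}

# http_access lines in the order they appear in the posted config.
AS_POSTED = [
    ("allow", "our_networks"), ("allow", "our_servers"),
    ("deny", "msn"), ("allow", "localhost"), ("deny", "all"),
]

# Assumed fix (not stated in the reply): the URL deny precedes the allows.
REORDERED = [
    ("deny", "msn"), ("allow", "our_networks"),
    ("allow", "our_servers"), ("allow", "localhost"), ("deny", "all"),
]

def acl_matches(name, client_ip, url):
    kind, value = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(value)
    # url_regex: unanchored, case-sensitive search over the whole URL
    return re.search(value, url) is not None

def http_access(rules, client_ip, url):
    """Return (action, acl names) of the first line whose ACLs all match."""
    for action, *names in rules:
        if all(acl_matches(n, client_ip, url) for n in names):
            return action, " ".join(names)
    raise ValueError("rule list must end with a catch-all line")

if __name__ == "__main__":
    client, url = "10.150.15.20", "http://www.toyota.com/"  # constructed
    for label, rules in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(label, "->", http_access(rules, client, url))
```
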
