Re: [squid-users] trouble with google from Amos Jeffries on 2009-10-13 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 14 Oct 2009 10:21:41 +1300

On Tue, 13 Oct 2009 16:02:16 +0200, Maurizio Marini
<maumar_at_datalogica.com>
wrote:
> i do not want black google, in any way
>
> i get this on my logs
> 1255441841.057 155 192.168.16.185 TCP_MISS/204 459 GET
> http://www.google.it/url? - DIRECT/209.85.129.104 text/html
> 1255441943.662 1635 192.168.16.185 TCP_MISS/200 4117 GET
> http://www.google.it/ - DIRECT/209.85.129.147 text/html
> 1255441943.781 118 192.168.16.185 TCP_DENIED/403 1754 GET
> http://www.google.it/intl/it_it/images/logo.gif - NONE/- text/html
> 1255441943.819 0 192.168.16.185 TCP_DENIED/403 1742 GET
> http://www.google.it/images/nav_logo7.png - NONE/- text/html
> 1255441944.777 897 192.168.16.185 TCP_DENIED/403 1914 GET
>
http://www.google.it/extern_js/f/CgJpdBICaXQrMAo4OywrMA44BywrMBY4ECwrMBc4AywrMBg4BCwrMCU4yYgBLCsw
> JjgFLCswJzgCLA/q-yuc4QxqeE.js - DIRECT/209.85.129.147 text/html
>
> ==================
> this is my relevant piece of conf:
>
> acl block1 urlpath_regex -i \.mpg$ \.wmv$ \.gsz$ \.mpe$ \.yim$ \.avi$
> \.flv$ \.pls$ \.mpeg$
> acl block2 url_regex -i
>
\.(aiff|asf|avi|dif|divx|flv|mov|movie|mp3|mpe?g?|mpv2|ogg|pls|ra?m|snd|qt|wav|wmf|wmv)$

Two ACL doing very much the same thing and overlapping?
I see no reason for doing that.

You might as well add 'yim' to the block2 list and drop the block1 list
entirely.

block2 also needs two other tweaks to get it matching all file extensions
properly.
... the $ at the end need to be replaced with (\?.*)?$
... the url_regex at the beginning needs to be replaced with
urlpath_regex

>
> acl reqmsn req_mime_type -i ^application/x-msn-messenger
> acl repmsn rep_mime_type -i ^application/x-msn-messenger
> # blocco estensioni, msn
> http_access deny block1
> http_access deny block2
> http_access deny reqmsn

> http_access deny repmsn

*reply* mime type is never valid in http_access *request* rules. You
should be getting a cache.log warning about this (missing reply headers, or
reply ACL not usable in request context) on every request...

>
> ===================
>
>
> do u see any reason why google gets TCP_DENIED/403?

Look for other http_access rules or http_reply_access rules denying stuff.
Those particular snippet rules do not match the URLs listed.

Amos
Received on Tue Oct 13 2009 - 21:22:07 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 14 2009 - 12:00:02 MDT