Re: [squid-users] BYPASSED acl allowedurls url_regex "/etc/squid/url.txt" , help?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 19 Feb 2010 02:12:19 +1300

Andres Salazar wrote:
> Hello Amos,
>
> # /usr/local/sbin/squid -v
> Squid Cache: Version 2.7.STABLE6
>
> I am including the ACLs and the HTTP_ACCESS:
>
> acl msn_mime req_mime_type -i ^application/x-msn-messenger$
> acl msn_gw url_regex -i gateway.dll
> acl flash_mime rep_mime_type ^application/x-shockwave-flash$
> acl flash_mime_allowurl dstdomain .flashstudio.com .flashtutorials.com 89.15.79.50
> acl allowedurls dstdomain "/etc/squid/url.txt"
> acl all src all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl localnet src x.x.x.x.x.
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 443 # https
> acl Safe_ports port 7777
> acl SSL_ports port 7777
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny all msn_mime
> http_access deny all msn_gw

"all" has no meaning at the beginning of a set of combined rules.

It might have meaning at the finishing end of the line, but not in this
case either.

> http_reply_access deny flash_mime !flash_mime_allowurl
> http_access allow localnet allowedurls
> http_access allow localnet SSL_ports

There you go. Unlimited access to all SSL ports for localnet.

That line appears to be doing nothing but opening the HTTPS requests to
the not-allowed domains.
Allowed domains (both HTTP and HTTPS) are already allowed by "allow
localnet allowedurls"

> http_access deny all
>
> The url.txt I am sending through email.
>

That file had a problem too, it's a wonder it worked at all. Comment
likewise in reply to that email.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE8 or 3.0.STABLE24
   Current Beta Squid 3.1.0.16
Received on Thu Feb 18 2010 - 13:12:32 MST
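
Added example, not part of the original message: a simplified Python model of http_access evaluation (top-down, ACLs on one line ANDed, first matching line decides) over a subset of the rules quoted above, showing how "allow localnet SSL_ports" lets a CONNECT to a non-listed domain through. The 10.0.0.x localnet, the .example.com allow list and the sample requests are constructed assumptions.

```python
# Simplified model of Squid http_access matching (added example).
ALLOWED_DOMAINS = [".example.com"]  # constructed stand-in for /etc/squid/url.txt

def dstdomain(host, patterns):
    # A leading dot matches the domain itself and any subdomain.
    for p in patterns:
        if p.startswith(".") and (host == p[1:] or host.endswith(p)):
            return True
        if host == p:
            return True
    return False

ACLS = {
    "all": lambda r: True,
    "localnet": lambda r: r["src"].startswith("10.0.0."),  # assumed LAN range
    "Safe_ports": lambda r: r["port"] in (80, 443, 7777),
    "SSL_ports": lambda r: r["port"] in (443, 7777),
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "allowedurls": lambda r: dstdomain(r["host"], ALLOWED_DOMAINS),
}

# Subset of the posted rules, in the posted order.
RULES_POSTED = [
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["localnet", "allowedurls"]),
    ("allow", ["localnet", "SSL_ports"]),
    ("deny", ["all"]),
]
# Same rules with the "allow localnet SSL_ports" line removed.
RULES_FIXED = [r for r in RULES_POSTED if r != ("allow", ["localnet", "SSL_ports"])]

def matches(name, req):
    if name.startswith("!"):
        return not ACLS[name[1:]](req)
    return ACLS[name](req)

def decide(rules, req):
    # Returns (action, 1-based index of the line that matched).
    for n, (action, names) in enumerate(rules, 1):
        if all(matches(a, req) for a in names):
            return action, n
    return "deny", None  # not reached here: "deny all" matches everything

# Constructed sample requests.
TUNNEL_BLOCKED = {"src": "10.0.0.5", "method": "CONNECT", "host": "blocked.example.net", "port": 443}
TUNNEL_LISTED = {"src": "10.0.0.5", "method": "CONNECT", "host": "www.example.com", "port": 443}
HTTP_BLOCKED = {"src": "10.0.0.5", "method": "GET", "host": "blocked.example.net", "port": 80}

if __name__ == "__main__":
    for req in (TUNNEL_BLOCKED, TUNNEL_LISTED, HTTP_BLOCKED):
        print(req["method"], req["host"], decide(RULES_POSTED, req), decide(RULES_FIXED, req))
```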