[squid-users] ACL "all" & squid3 from Voy User on 2011-03-01 (squid-users)

From: Voy User <vuser_at_gmx.com>
Date: Tue, 01 Mar 2011 08:04:08 +0000

I know questions about 'all' splay tree warning has been asked in the list before & I found
the reply at
http://www.mail-archive.com/squid-users@squid-cache.org/msg57540.html

However, my question is slightly different.
I am using squid3 with debian lenny.

I am using squid3 with webmin (yeah, I know a lot of people don't like webmin).
The webmin squid module hasn't been updated for squid3 - so it doesn't know about
the 'all' acl being inbuilt. So if I do not have the all acl in squid.conf & try to
all rules using webmin, I don't see 'all' in the list of acl's it gives to 'Allow'
and 'Deny'.

I have a few options
1) Move back to older version squid. I would prefer not to do this, but if I had to,
which is newest version of squid which I can use which doesn't have the 'all' acl
built in & what's the best way to define 'all'. Till now I have been defining it as
acl all src 0.0.0.0/0.0.0.0

This is from the visolve squid3 docs (docs have probably not been updated)
http://www.visolve.com/squid/squid30/accesscontrols.php#Recommended_Minimum_acl_Configuration

2) I continue using squid3 & define the all acl.

acl all src 0.0.0.0/0.0.0.0

This gives me the foll warning
--------------
Restarting Squid HTTP Proxy 3.0: squid3 Waiting.....................done.
2011/03/01 13:13:33 WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of '0.0.0.0/0.0.0.0'
2011/03/01 13:13:33 WARNING: because of this '0.0.0.0/0.0.0.0' is ignored to keep splay tree searching predictable
2011/03/01 13:13:33 WARNING: You should probably remove '0.0.0.0/0.0.0.0' from the ACL named 'all'
2011/03/01 13:13:33 squid.conf line 2575: http_access allow
2011/03/01 13:13:33 aclParseAccessLine: Access line contains no ACL's, skipping
--------------------------------

From the warning it appears as if squid just skips this line & continues. This should work fine because
webmin squid module sees this in the conf file & hence starts showing 'all' in the list of acls.
Does anyone see any problem in this?

Or is there a better way with squid3.
Received on Tue Mar 01 2011 - 08:04:19 MST

This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 12:00:06 MST