[squid-users] bad regex is blocking the wrong sites

From: devadmin <mrnicholsb_at_gmail.com>
Date: Mon, 03 Oct 2011 14:42:43 -0700

Hello, I'm new to blocking with squid. Right now I'm using a bad site list
and that works fine, blocks URLs as it should, but I'm also experimenting
with the bad regex style blacklist because I see a lot of porn is still
getting through. But the badregex is blocking FarmVille Zynga content as
well as AOL email! I would like to know why "gay" and "porn" would cause
AOL and FarmVille to be blocked, and any suggestions that might be
helpful would be so very much appreciated. I have teenagers on the LAN
and need to protect them from this garbage to the best of my ability.

Here's the contents of the bad regex blacklist I'm using, just a single
line.

.*porn*.*
 
One entry, and this single entry causes all those sites/services and
more to be blocked. What am I doing wrong?

Here's my conf:

http_port 10.10.1.105:3128

hierarchy_stoplist cgi-bin ?

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

dns_nameservers 10.10.1.1
cache_swap_low 95
cache_swap_high 98
access_log /var/log/squid3/access.log
cache_mem 500 MB
memory_pools on
maximum_object_size_in_memory 100 MB
maximum_object_size 150 MB
log_icp_queries off
cache_mgr mrnicholsb_at_gmail.com
cache_dir ufs /mnt/secondary/var/spool/squid3 34000 32 256

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.10.1.0/24 # RFC 1918 possible internal network
acl blacklist dstdomain "/etc/squid3/squid-block.acl"
#acl badregex url_regex -i "/etc/squid3/badregex.acl"
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access deny blacklist
http_access deny badregex
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all

shutdown_lifetime 1 second

  
Received on Mon Oct 03 2011 - 21:44:53 MDT
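Added example, not part of the original post: a small Python harness showing which URLs the posted `url_regex -i` line denies and which substring triggers each hit. In `.*porn*.*` the `*` applies only to the final `n`, so any URL containing "por" matches. The sample URLs, the `TIGHTER` pattern and all function names are constructed for illustration, and Python's `re` stands in for squid's regex engine, which treats this pattern the same way.

```python
import re

POSTED = r".*porn*.*"   # the single line from the post's badregex.acl
TIGHTER = r"porn"       # hypothetical replacement (assumption, not from the post)

# Constructed sample URLs, not taken from the post or from any real log.
SAMPLE_URLS = [
    "http://mail.example.com/portal/inbox",
    "http://games.example.net/support/farm.swf",
    "http://static.example.org/import.js",
    "http://example.com/porn/index.html",
    "http://example.com/news/weather",
]

def blocked(pattern, url):
    """Model 'url_regex -i': case-insensitive search anywhere in the URL."""
    return re.search(pattern, url, re.IGNORECASE) is not None

def core(pattern):
    """Drop leading/trailing '.*', which add nothing to an unanchored search."""
    return re.sub(r"^(?:\.\*)+|(?<!\\)(?:\.\*)+$", "", pattern)

def trigger(pattern, url):
    """Return the shortest-form substring that makes the URL match, or None."""
    m = re.search(core(pattern), url, re.IGNORECASE)
    return m.group(0) if m else None

def report(pattern, urls=SAMPLE_URLS):
    """List (url, denied?, triggering substring) for each URL."""
    return [(url, blocked(pattern, url), trigger(pattern, url)) for url in urls]

if __name__ == "__main__":
    for pat in (POSTED, TIGHTER):
        print(f"pattern {pat!r} (core {core(pat)!r})")
        for url, hit, why in report(pat):
            print(f"  {'DENY ' if hit else 'allow'} {url}  matched={why!r}")
```

Running candidate patterns through a harness like this against a sample of URLs from `access.log` before enabling the ACL shows overblocking ahead of time.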
