Re: [squid-users] Migration from Squid 2 to 3: ACLs no longer accepting duplicates

From: Marcus Kool <marcus.kool_at_urlfilterdb.com>
Date: Thu, 30 Aug 2012 09:33:33 -0300

On 08/29/2012 06:13 PM, Derek Simon wrote:
> Nichols,
>
> It appears that I need to preprocess the lists before handing them to Squid, removing all subdomains where the parent domain is present.
>
> I don't see anything special about your configuration that would somehow remedy this issue. Perhaps your lists are sanitized?

You might want to look at ufdbGuard.
ufdbGuard is a URL filter for Squid and you can use your own lists of domains+urls.
ufdbGuard deals differently with the issue with domains and subdomains
and merely gives a warning and works.

So if you have
    abc.example.com
    def.example.com
    example.com/dirtywords.html
    .example.com
ufdbGuard simply warns and due to the last line,
blocks example.com and all its subdomains.

I see that you use shallalist. It can be used without modification by ufdbGuard.

Marcus

> ______________________________
> Derek Simon
> IT Support
> d'Oliveira & Associates, P.C.
> 401-431-1990
>
>
>
>
> On 8/29/2012 7:37 AM, mrnicholsb wrote:
>> Hello, I use squid 3.1 to block with acl, porn sites, malicious sites
>> and ads.
>>
>> I can tell you the WARNING: you should remove basically means you have
>> subdomains added to your list
>> when you have somesite.something.com it leaves something.com accessible,
>> you want to remove somesite.something.com and just let it block
>> something.com to block the entire site, including subdomains, unless you
>> are just wanting to block a sub but not the whole domain, then just
>> ignore the error.
>>
>> btw, here's the syntax of how I do it on my squid 3.1 for addressing your
>> bungled line error.
>>
>> acl blacklist dstdomain "/etc/squid3/squid-block.acl"
>> acl ipblacklist dst "/etc/squid3/squid-ipblock.acl"
>> acl zeusblacklist dstdomain "/etc/squid3/squid-block-zeus.acl"
>>
>> and then
>>
>> http_access deny zeusblacklist
>> http_access deny blacklist
>> http_access deny ipblacklist
>>
>> I hope this helps you solve your issues.
>>
>>
>> fix nichols
>>
>> haxradio.com
>>
>> On 08/28/2012 02:53 PM, Derek Simon wrote:
>>> Hi all,
>>>
>>> I am migrating a Squid 2.7 server to Squid 3.1.
>>>
>>> In 2.7 I was using the Shallalists without issue, after prefixing each
>>> line with a period, as prescribed:
>>> http://www.shallalist.de/faq.html#squid
>>>
>>> I would reference them in squid.conf as such:
>>> acl SL_Adv dstdomain "adv/domains.squid"
>>>
>>> I more or less copied these ACL lines from the 2.7 conf to the 3.1 and
>>> I get the following errors when reparsing:
>>>
>>> Processing: acl SL_Adv dstdomain
>>> "/etc/squid3/lists/shallalist/adv/domains.squid"
>>> WARNING: You should remove '.addesktop.com' from the ACL named 'SL_Adv'
>>> WARNING: You should remove '.addesktop.com' from the ACL named 'SL_Adv'
>>> ERROR: You should remove '.ads360.com' from the ACL named 'SL_Adv'
>>> FATAL: Bungled squid.conf line 732: acl SL_Adv dstdomain
>>> "/etc/squid3/lists/shallalist/adv/domains.squid"
>>> Squid Cache (Version 3.1.19): Terminated abnormally.
>>>
>>> What gives? I used to get the warnings in 2.7, and I understand the
>>> splay tree performance issue, but why is this now fatal behavior in 3.1?
>>>
>>> Thanks,
>>> ______________________________
>>> Derek Simon
>>> IT Support
>>> d'Oliveira & Associates, P.C.
>>> 401-431-1990
>>>
>>>
>>>
>>>
>>
>
>
Received on Thu Aug 30 2012 - 12:33:40 MDT
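
Added example (not part of the original thread, and not Squid or ufdbGuard code): one way to do the preprocessing Derek describes, dropping entries that a dot-prefixed parent already covers before Squid parses the list. It assumes the dstdomain convention that a leading dot matches the domain and all of its subdomains; the function names and the sample list are constructed for illustration.

```python
def covered_by_wildcard(entry, wildcards):
    """True if a different dot-prefixed entry in the list already matches `entry`."""
    labels = entry.lstrip(".").split(".")
    # A plain host is also covered by its own wildcard (".example.net" matches
    # example.net), so start at 0 for it; a wildcard only looks at its parents.
    start = 1 if entry.startswith(".") else 0
    return any("." + ".".join(labels[i:]) in wildcards
               for i in range(start, len(labels)))


def prune_dstdomain(lines):
    """Return (kept, dropped) for a dstdomain list, preserving first-seen order."""
    entries, seen = [], set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip().lower()  # strip comments, normalise case
        if entry and entry not in seen:               # exact duplicates are discarded
            seen.add(entry)
            entries.append(entry)
    wildcards = {e for e in entries if e.startswith(".")}
    kept, dropped = [], []
    for e in entries:
        (dropped if covered_by_wildcard(e, wildcards) else kept).append(e)
    return kept, dropped


# Constructed sample in the style of a dot-prefixed blocklist.
SAMPLE = [
    ".addesktop.com",
    ".ads.addesktop.com",      # subdomain of an existing wildcard
    ".addesktop.com",          # exact duplicate
    ".ads360.com",
    ".www.ads360.com",
    "tracker.example.net",     # listed before its parent wildcard
    ".example.net",
    "example.net",             # already matched by ".example.net"
    "standalone.example.org",  # no parent in the list, must survive
]

if __name__ == "__main__":
    kept, dropped = prune_dstdomain(SAMPLE)
    print("\n".join(kept))
```

Pruning this way does not change what the ACL matches, because every dropped entry was already matched by a kept wildcard.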
