[squid-users] Squid 3.2 built-in ACLs? from 叶雨飞 on 2012-10-01 (squid-users)

From: 叶雨飞 <sunyucong_at_gmail.com>
Date: Mon, 1 Oct 2012 21:11:28 -0700

Hi, it looks like squid 3.2 have built ACLs ,I'm getting these warnings:

2012/10/01 21:11:01| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2012/10/01 21:11:01| WARNING: because of this '127.0.0.1' is ignored
to keep splay tree searching predictable
2012/10/01 21:11:01| WARNING: You should probably remove '127.0.0.1'
from the ACL named 'localhost'
2012/10/01 21:11:01| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2012/10/01 21:11:01| WARNING: because of this '127.0.0.1' is ignored
to keep splay tree searching predictable
2012/10/01 21:11:01| WARNING: You should probably remove '127.0.0.1'
from the ACL named 'localhost'
2012/10/01 21:11:01| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A)
'127.0.0.0/8'
2012/10/01 21:11:01| WARNING: because of this '127.0.0.0/8' is ignored
to keep splay tree searching predictable
2012/10/01 21:11:01| WARNING: You should probably remove '127.0.0.0/8'
from the ACL named 'to_localhost'
2012/10/01 21:11:01| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
2012/10/01 21:11:01| WARNING: because of this '0.0.0.0' is ignored to
keep splay tree searching predictable
2012/10/01 21:11:01| WARNING: You should probably remove '0.0.0.0'
from the ACL named 'to_localhost'
2012/10/01 21:11:01| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
2012/10/01 21:11:01| WARNING: because of this '0.0.0.0' is ignored to
keep splay tree searching predictable
2012/10/01 21:11:01| WARNING: You should probably remove '0.0.0.0'
from the ACL named 'to_localhost'

relevant configs are

acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16
acl to_localnet dst 10.0.0.0/8
acl to_localnet dst 172.16.0.0/12
acl to_localnet dst 192.168.0.0/16

http_access allow manager localhost
http_access deny manager

acl internal-url urlpath_regex ^/squid-internal-.*
http_access allow localnet to_localhost internal-url
http_access deny to_localhost
http_access deny to_localnet

is this expected?
Received on Tue Oct 02 2012 - 04:11:58 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 02 2012 - 12:00:02 MDT