Re: [squid-users] Squid 3.2 built-in ACLs?

From: 叶雨飞 <sunyucong_at_gmail.com>
Date: Tue, 2 Oct 2012 09:58:37 -0700

Can you share a list of built-in ACLs?

On Mon, Oct 1, 2012 at 9:57 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 2/10/2012 5:11 p.m., 叶雨飞 wrote:
>>
>> Hi, it looks like Squid 3.2 has built-in ACLs. I'm getting these warnings:
>>
>> 2012/10/01 21:11:01| WARNING: (B) '127.0.0.1' is a subnetwork of (A)
>> '127.0.0.1'
>> 2012/10/01 21:11:01| WARNING: because of this '127.0.0.1' is ignored
>> to keep splay tree searching predictable
>> 2012/10/01 21:11:01| WARNING: You should probably remove '127.0.0.1'
>> from the ACL named 'localhost'
>> 2012/10/01 21:11:01| WARNING: (B) '127.0.0.1' is a subnetwork of (A)
>> '127.0.0.1'
>> 2012/10/01 21:11:01| WARNING: because of this '127.0.0.1' is ignored
>> to keep splay tree searching predictable
>> 2012/10/01 21:11:01| WARNING: You should probably remove '127.0.0.1'
>> from the ACL named 'localhost'
>> 2012/10/01 21:11:01| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A)
>> '127.0.0.0/8'
>> 2012/10/01 21:11:01| WARNING: because of this '127.0.0.0/8' is ignored
>> to keep splay tree searching predictable
>> 2012/10/01 21:11:01| WARNING: You should probably remove '127.0.0.0/8'
>> from the ACL named 'to_localhost'
>> 2012/10/01 21:11:01| WARNING: (B) '0.0.0.0' is a subnetwork of (A)
>> '0.0.0.0'
>> 2012/10/01 21:11:01| WARNING: because of this '0.0.0.0' is ignored to
>> keep splay tree searching predictable
>> 2012/10/01 21:11:01| WARNING: You should probably remove '0.0.0.0'
>> from the ACL named 'to_localhost'
>> 2012/10/01 21:11:01| WARNING: (B) '0.0.0.0' is a subnetwork of (A)
>> '0.0.0.0'
>> 2012/10/01 21:11:01| WARNING: because of this '0.0.0.0' is ignored to
>> keep splay tree searching predictable
>> 2012/10/01 21:11:01| WARNING: You should probably remove '0.0.0.0'
>> from the ACL named 'to_localhost'
>>
>>
>> relevant configs are
>>
>> acl localhost src 127.0.0.1/32
>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
>> acl localnet src 192.168.0.0/16
>> acl to_localnet dst 10.0.0.0/8
>> acl to_localnet dst 172.16.0.0/12
>> acl to_localnet dst 192.168.0.0/16
>>
>> http_access allow manager localhost
>> http_access deny manager
>>
>> acl internal-url urlpath_regex ^/squid-internal-.*
>> http_access allow localnet to_localhost internal-url
>> http_access deny to_localhost
>> http_access deny to_localnet
>>
>>
>> is this expected?
>
>
> Yes. Please follow the instructions Squid wrote in the WARNING message(s).
>
> Squid-3.2 contains a lot of these upgrade assistance warnings. Please run
> "squid -k parse" to verify the rest of your configuration file as well.
>
> Amos
Received on Tue Oct 02 2012 - 16:59:07 MDT
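
The overlap the warnings in this thread report can be found before a reload with a short check; the following is an added example, not part of the original messages and not Squid's own code. The built-in entries it seeds are an assumption inferred from the WARNING lines quoted above, and `find_overlaps` is a hypothetical helper name.

```python
import ipaddress

# Assumption: built-in entries inferred from the WARNING lines quoted in the
# thread; the real built-in definitions in Squid 3.2 may hold more values.
BUILTIN = {
    "localhost": ("src", ["127.0.0.1/32"]),
    "to_localhost": ("dst", ["127.0.0.0/8", "0.0.0.0/32"]),
}

# Constructed sample: the ACL lines from the configuration posted in the thread.
SAMPLE_CONF = """\
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16
acl to_localnet dst 10.0.0.0/8
acl to_localnet dst 172.16.0.0/12
acl to_localnet dst 192.168.0.0/16
"""

def find_overlaps(conf_text, builtin=BUILTIN):
    """Return (lineno, acl_name, new_net, existing_net) for each src/dst entry
    that equals, contains, or is contained in an entry the ACL already holds."""
    seen = {name: [ipaddress.ip_network(n) for n in nets]
            for name, (_type, nets) in builtin.items()}
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 4 or fields[0] != "acl" or fields[2] not in ("src", "dst"):
            continue
        name, values = fields[1], fields[3:]
        held = seen.setdefault(name, [])
        for value in values:
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                continue  # hostnames, address ranges, "all": out of scope here
            clash = next((h for h in held if h.version == net.version and
                          (net.subnet_of(h) or h.subnet_of(net))), None)
            if clash is not None:
                findings.append((lineno, name, str(net), str(clash)))
            else:
                held.append(net)
    return findings

if __name__ == "__main__":
    for lineno, name, new, old in find_overlaps(SAMPLE_CONF):
        print(f"line {lineno}: acl {name}: {new} overlaps existing {old}")
```

Lines it flags for `localhost` and `to_localhost` are the ones the warnings ask to be removed; `squid -k parse` remains the authoritative check.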
