[squid-users] bug ... No-lookup DNS ACLs ? from Jeff Chua on 2013-01-31 (squid-users)

From: Jeff Chua <jeff.chua.linux_at_gmail.com>
Date: Fri, 1 Feb 2013 13:33:21 +0800

---------- Forwarded message ----------
From: Jeff Chua <jeff.chua.linux_at_gmail.com>
Date: Fri, Feb 1, 2013 at 1:32 PM
Subject:
To: squid-users_at_squid-cache.org

Amos,

I'm seeing entries like these after rev 12620. It seems the "-n" only
applies to dst* and not src* ACL. How can I fix these?

2013/02/01 13:19:05| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2013/02/01 13:19:05| WARNING: because of this '::/0' is ignored to
keep splay tree searching predictable
2013/02/01 13:19:05| WARNING: You should probably remove '::/0' from
the ACL named 'all'
2013/02/01 13:19:05| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2013/02/01 13:19:05| WARNING: because of this '127.0.0.1' is ignored
to keep splay tree searching predictable
2013/02/01 13:19:05| WARNING: You should probably remove '127.0.0.1'
from the ACL named 'localhost'
2013/02/01 13:19:05| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A)
'127.0.0.0/8'
2013/02/01 13:19:05| WARNING: because of this '127.0.0.0/8' is ignored
to keep splay tree searching predictable
2013/02/01 13:19:05| WARNING: You should probably remove '127.0.0.0/8'
from the ACL named 'to_localhost'
2013/02/01 13:19:05| WARNING: (B) '138.18.18.0/25' is a subnetwork of
(A) '138.18.18.0/25'
2013/02/01 13:19:05| WARNING: because of this '138.18.18.0/25' is
ignored to keep splay tree searching predictable
2013/02/01 13:19:05| WARNING: You should probably remove
'138.18.18.0/25' from the ACL named 'clients'
2013/02/01 13:19:05| WARNING: (B) '80.239.152.0/24' is a subnetwork of
(A) '80.239.152.0/24'
2013/02/01 13:19:05| WARNING: because of this '80.239.152.0/24' is
ignored to keep splay tree searching predictable

In squid.conf ...
acl clients src 138.18.18.0/25 127.0.0.1/32
http_access allow manager clients
http_access deny manager

acl razor dstdomain .edgesuite.net .razor.tv
acl razordst dst 80.239.152.0/24
http_access deny razor razordst

acl local-servers dstdomain proxy lo localhost
always_direct allow local-servers

I've tried add "-n" but it doesn't seem to fix the problem ...
acl razor dstdomain -n .edgesuite.net .razor.tv
acl razordst dst -n 80.239.152.0/24

Thanks,
Jeff
Received on Fri Feb 01 2013 - 05:33:31 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 01 2013 - 12:00:05 MST