On 03/20/2013 12:12 PM, Delton wrote:
>>>>> http_access allow localhost manager
>>>>> http_access deny manager
>>>>> http_access deny !Safe_ports
>>>>> http_access deny CONNECT !SSL_ports
>>>>> http_access deny block
>> OK, the above makes sense.
>>>>> http_access deny all
>> Now you are denying access to all requests that did not match the
>> earlier http_access rules. Thus, only the above rules matter and you are
>> only allowing access to localhost cache manager. Do you really want to
>> block all non-manager traffic going through Squid?
>>
>> And the following rules have no effect since "all" in "deny all" above
>> always matches:
> This is a little confusing to me. I just added the lines:
>
> acl block url_regex .facebook.com
> http_access deny block
>
> The rest are default settings.
The default settings (i.e., squid.conf.default) allow localnet and
localhost requests _before_ denying all others. You added a facebook
deny rule (which is fine), but AFAICT, you also moved the allow rules
after "deny all", where they do not work. The order of http_access rules
is important because the first matching rule wins.
Default settings deny access to virtually all non-local requests. Your
setting deny access to virtually all requests. You need to adjust them
to match your needs. This is not related to your error-on-F5 problem,
but it needs to be fixed if you want Squid to proxy something.
Hope this clarifies,
Alex.
Received on Wed Mar 20 2013 - 23:06:16 MDT
This archive was generated by hypermail 2.2.0 : Thu Mar 21 2013 - 12:00:04 MDT