[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Squid ACLs does not work

Gidday dude.  (cc'd to the list because your email address is poked.)

I run squid as the sole cache for a medium sized school network (100 PCs in 
an NT domain with a satellite dish at about 400 kbit/s)

We need to censor (or be seen to make an effort to censor) web content. 
 First we used Cyberpatrol and MS Proxy on the NT server, but a twin PII 
350 NT server could not keep up with it.  So I used squidGuard (with a G) 
and squid to filter.

squidGuard is an external redirector - squid will spawn X copies of it and 
use them to check a URL.  squidGuard can have a million URLs and will only 
take a second to scan, or about 10 to 12 regular expressions will add a 
second too.

I simply use the regexp   /ad/|/ads/|/chat/|/irc/|/mail/ and that blocks 50 
% of sites we don't want (chat rooms and web based email)  When I see a 
site flit past on the console or see a student using one that should be 
blocked I simply add it to a raw text file, which is then compiled into a 
berkley DB and squid gets reconfigured.

Squid ACLs are messy and not really intended for filtering based on URLs - 
rather they seem to be for controlling what machines can access your squid 
cache, and which domains your clients get direct (uncached) access to.

Yell out if you want a copy of my filter files.

----------
From: 	sgaerner@shining.shadow.org[SMTP:sgaerner@shining.shadow.org]
Sent: 	Friday, 24 March 2000 10:13 AM
To: 	debian-user@lists.debian.org
Subject: 	Squid ACLs does not work

Hi,

I have some problems with squid and its ACLs.

I'm using Debian 2.2 with Kernel 2.2.13 and squid 2.2STABLE5.
My ACL section in /etc/squid.conf looks like the following.

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT
acl BanDomains dstdomain "/etc/ban_domains.squid"
acl localdomain srcdomain localdomain.own
:
http_access allow localdomain
http_access deny BanDomains
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

And the file /etc/ban_domains.squid looks like...
netscape.com
microsoft.com
msdn.com
realnetworks.com

But when I try connect to www.microsoft.com the proxy rersolves the 
hostname
and connects. (My browser is configured to use the proxy, of course...).

Does anyone have an idea where I made a mistake?

Thanks.

Sven

----------------------------------
Please reply only to
sgaerner@gmx.net.
----------------------------------
Date: 23-Mar-2000
Time: 23:07:15
----------------------------------


--
Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < 
/dev/null
Reply to: