Re: Squid ACLs does not work
Gidday dude. (cc'd to the list because your email address is poked.)
I run squid as the sole cache for a medium sized school network (100 PCs in
an NT domain with a satellite dish at about 400 kbit/s).
We need to censor (or be seen to make an effort to censor) web content.
First we used Cyberpatrol and MS Proxy on the NT server, but a twin PII
350 NT server could not keep up with it. So I used squidGuard (with a G)
and squid to filter.
squidGuard is an external redirector - squid will spawn X copies of it and
use them to check a URL. squidGuard can have a million URLs and will only
take a second to scan, or about 10 to 12 regular expressions will add a
second too.
I simply use the regexp /ad/|/ads/|/chat/|/irc/|/mail/ and that blocks 50%
of sites we don't want (chat rooms and web based email). When I see a
site flit past on the console or see a student using one that should be
blocked I simply add it to a raw text file, which is then compiled into a
Berkeley DB and squid gets reconfigured.
Squid ACLs are messy and not really intended for filtering based on URLs -
rather they seem to be for controlling what machines can access your squid
cache, and which domains your clients get direct (uncached) access to.
Yell out if you want a copy of my filter files.
----------
From: sgaerner@shining.shadow.org[SMTP:sgaerner@shining.shadow.org]
Sent: Friday, 24 March 2000 10:13 AM
To: debian-user@lists.debian.org
Subject: Squid ACLs does not work
Hi,
I have some problems with squid and its ACLs.
I'm using Debian 2.2 with Kernel 2.2.13 and squid 2.2STABLE5.
My ACL section in /etc/squid.conf looks like the following.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT
acl BanDomains dstdomain "/etc/ban_domains.squid"
acl localdomain srcdomain localdomain.own
:
http_access allow localdomain
http_access deny BanDomains
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
And the file /etc/ban_domains.squid looks like...
netscape.com
microsoft.com
msdn.com
realnetworks.com
But when I try to connect to www.microsoft.com the proxy resolves the
hostname and connects. (My browser is configured to use the proxy, of
course...).
Does anyone have an idea where I made a mistake?
Thanks.
Sven
----------------------------------
Please reply only to
sgaerner@gmx.net.
----------------------------------
Date: 23-Mar-2000
Time: 23:07:15
----------------------------------
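
Added example, not part of either message and not squidGuard's own code: a minimal Squid 2.x-style redirector showing the mechanism the reply describes, where Squid writes one request line per URL to the helper and reads back either a replacement URL or an empty line. Assumptions: an in-memory set stands in for the compiled Berkeley DB, BLOCK_PAGE is a placeholder address, and the sample domains are constructed.

```python
import re
import sys

# The expression quoted in the reply, searched for anywhere in the URL.
BLOCK_RE = re.compile(r"/ad/|/ads/|/chat/|/irc/|/mail/")
# Assumption: placeholder address of a local "access denied" page.
BLOCK_PAGE = "http://proxy.example/blocked.html"


def load_domains(lines):
    """Parse the raw text list: one domain per line, '#' starts a comment."""
    domains = set()
    for line in lines:
        entry = line.split("#", 1)[0].strip().lower().lstrip(".")
        if entry:
            domains.add(entry)
    return domains


def host_of(url):
    """Return the lower-cased host of a URL (or of 'host:port' for CONNECT)."""
    rest = url.split("://", 1)[-1]
    hostport = rest.split("/", 1)[0].rsplit("@", 1)[-1]
    return hostport.split(":", 1)[0].lower()


def domain_blocked(host, domains):
    """True if host is a listed domain or a subdomain of one."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def redirect(request_line, domains):
    """Reply for one 'URL client_ip/fqdn ident method' line; '' = unchanged."""
    fields = request_line.split()
    if not fields:
        return ""
    url = fields[0]
    if domain_blocked(host_of(url), domains) or BLOCK_RE.search(url):
        return BLOCK_PAGE
    return ""


if __name__ == "__main__":
    # Constructed sample entries standing in for the raw text file.
    domains = load_domains(["chat.example.net", "webmail.example.org"])
    for line in sys.stdin:
        sys.stdout.write(redirect(line, domains) + "\n")
        sys.stdout.flush()  # Squid waits for one reply line per request
```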