
Re: Squid ACLs does not work



On Thu, Mar 23, 2000 at 11:13:42PM +0100, sgaerner@shining.shadow.org wrote
> Hi,
> 
> I have some problems with squid and its ACLs.
> 
> I'm using Debian 2.2 with Kernel 2.2.13 and squid 2.2STABLE5.
> My ACL section in /etc/squid.conf looks like the following.
> 
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl purge method PURGE
> acl CONNECT method CONNECT
> acl BanDomains dstdomain "/etc/ban_domains.squid"
> acl localdomain srcdomain localdomain.own
> :
> http_access allow localdomain
> http_access deny BanDomains
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> 
> And the file /etc/ban_domains.squid looks like...
> netscape.com
> microsoft.com
> msdn.com
> realnetworks.com
> 
> But when I try to connect to www.microsoft.com the proxy resolves the hostname
> and connects. (My browser is configured to use the proxy, of course...).
> 
> Does anyone have an idea where I made a mistake?
> 

I'm assuming that squid's "file" ACLs work; I've never used them myself.

Is /etc/ban_domains.squid readable by the user which Squid is running
as?  Have you done /etc/init.d/squid reload since adding those
domains to the file?


John P.
-- 
huiac@camtech.net.au
john@huiac.apana.org.au
"Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
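
The two checks asked about in the reply above, as an added example that is not part of the original message: it finds every file-backed ACL in a squid.conf, tests whether a given user can read the file, and flags files edited since the last reload. The function names, the uid/gid values and the `last_reload` timestamp are assumptions supplied by the caller; only file mode bits are checked, not directory search permission or POSIX ACLs.

```python
import os
import re
import stat

# Matches Squid ACL lines whose value is a quoted file path, e.g.
#   acl BanDomains dstdomain "/etc/ban_domains.squid"
FILE_ACL = re.compile(r'^\s*acl\s+(\S+)\s+(\S+)\s+"([^"]+)"\s*$')

def file_backed_acls(conf_text):
    """Return [(acl_name, acl_type, path)] for ACLs that load values from a file."""
    return [m.groups() for m in map(FILE_ACL.match, conf_text.splitlines()) if m]

def readable_by(st, uid, gids):
    """Mode-bit check only: may uid (member of gids) read the file described by st?"""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def check_acl_files(conf_text, uid, gids, last_reload):
    """Per file-backed ACL: does the file exist, can uid read it, was it edited
    after last_reload (epoch seconds), meaning Squid still holds the old list."""
    report = {}
    for name, _acl_type, path in file_backed_acls(conf_text):
        entry = {"path": path, "exists": False, "readable": False, "stale": False}
        try:
            st = os.stat(path)
        except OSError:
            report[name] = entry
            continue
        entry["exists"] = True
        entry["readable"] = readable_by(st, uid, gids)
        entry["stale"] = st.st_mtime > last_reload
        report[name] = entry
    return report

if __name__ == "__main__":
    # ACL line taken from the post; uid, gids and last_reload are placeholders
    # to be replaced with the values of the user Squid actually runs as.
    conf = 'acl BanDomains dstdomain "/etc/ban_domains.squid"\n'
    print(check_acl_files(conf, uid=1000, gids={1000}, last_reload=0.0))
```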

