[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Squid ACLs does not work



Yes, I ran /etc/init.d/squid restart to reload the config file and the
/etc/ban_domains.squid is readable to all, so this should no be a problem.

Sven

On 24-Mar-2000 John Pearson wrote:
> On Thu, Mar 23, 2000 at 11:13:42PM +0100, sgaerner@shining.shadow.org wrote
>> Hi,
>> 
>> I have some problems with squid and its ACLs.
>> 
>> I'm using Debian 2.2 with Kernel 2.2.13 and squid 2.2STABLE5.
>> My ACL section in /etc/squid.conf looks like the following.
>> 
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl SSL_ports port 443 563
>> acl Safe_ports port 80 21 443 563 70 210 1025-65535
>> acl purge method PURGE
>> acl CONNECT method CONNECT
>> acl BanDomains dstdomain "/etc/ban_domains.squid"
>> acl localdomain srcdomain localdomain.own
>> :
>> http_access allow localdomain
>> http_access deny BanDomains
>> http_access allow manager localhost
>> http_access deny manager
>> http_access allow purge localhost
>> http_access deny purge
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> 
>> And the file /etc/ban_domains.squid looks like...
>> netscape.com
>> microsoft.com
>> msdn.com
>> realnetworks.com
>> 
>> But when I try connect to www.microsoft.com the proxy rersolves the hostname
>> and connects. (My browser is configured to use the proxy, of course...).
>> 
>> Does anyone have an idea where I made a mistake?
>> 
> 
> I'm assuming that squid's "file" ACLs work; I've never used them myself.
> 
> Is /etc/ban_domains.squid readable by the user which Squid is running
> as?  Have you done /etc/init.d/squid reload since adding those
> domains to the file?
> 
> 
> John P.
> -- 
> huiac@camtech.net.au
> john@huiac.apana.org.au
> "Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
> 
> 
> -- 
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org <
> /dev/null

----------------------------------
Please reply only to
sgaerner@gmx.net.
----------------------------------
Date: 24-Mar-2000
Time: 21:07:50
----------------------------------


Reply to: