Re: Squid ACLs does not work
Yes, I ran /etc/init.d/squid restart to reload the config file and the
/etc/ban_domains.squid is readable to all, so this should no be a problem.
Sven
On 24-Mar-2000 John Pearson wrote:
> On Thu, Mar 23, 2000 at 11:13:42PM +0100, sgaerner@shining.shadow.org wrote
>> Hi,
>>
>> I have some problems with squid and its ACLs.
>>
>> I'm using Debian 2.2 with Kernel 2.2.13 and squid 2.2STABLE5.
>> My ACL section in /etc/squid.conf looks like the following.
>>
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl SSL_ports port 443 563
>> acl Safe_ports port 80 21 443 563 70 210 1025-65535
>> acl purge method PURGE
>> acl CONNECT method CONNECT
>> acl BanDomains dstdomain "/etc/ban_domains.squid"
>> acl localdomain srcdomain localdomain.own
>> :
>> http_access allow localdomain
>> http_access deny BanDomains
>> http_access allow manager localhost
>> http_access deny manager
>> http_access allow purge localhost
>> http_access deny purge
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>>
>> And the file /etc/ban_domains.squid looks like...
>> netscape.com
>> microsoft.com
>> msdn.com
>> realnetworks.com
>>
>> But when I try connect to www.microsoft.com the proxy rersolves the hostname
>> and connects. (My browser is configured to use the proxy, of course...).
>>
>> Does anyone have an idea where I made a mistake?
>>
>
> I'm assuming that squid's "file" ACLs work; I've never used them myself.
>
> Is /etc/ban_domains.squid readable by the user which Squid is running
> as? Have you done /etc/init.d/squid reload since adding those
> domains to the file?
>
>
> John P.
> --
> huiac@camtech.net.au
> john@huiac.apana.org.au
> "Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
>
>
> --
> Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org <
> /dev/null
----------------------------------
Please reply only to
sgaerner@gmx.net.
----------------------------------
Date: 24-Mar-2000
Time: 21:07:50
----------------------------------
Reply to: