Date: Sat, 5 Feb 2005 12:09:04 +0100 (CET)
From: Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>
To: johnsuth@xxxxxxxxxxxxx
Cc: Squid Users <squid-users@xxxxxxxxxxxxxxx>
Subject: Re: [squid-users] Failing to serve cached objects

On Sat, 5 Feb 2005 johnsuth@xxxxxxxxxxxxx wrote:

> I moved my squid.conf to a newer build of Squid and, Voila! Cached objects are now
> being served.

Good.

> Pity ACL seems to be broken (all urls are accessible).

Then inspect your http_access rules, and see the Squid FAQ Chapter 10 Access Controls.

---------------------------------

I will be grateful if you will point out where I have gone wrong here.

I thought that the last 3 ACLs defined All IP addresses, All URLs and HTTP protocol; and that the last 3 rules denied access to them. However I can still access www.sex.com from cache. I want it denied by default.

#  TAG: acl
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT
acl government urlpath_regex -i .gov
acl education urlpath_regex -i .edu
acl google dstdomain .google.com.au
acl acenet dstdomain .acenet.com.au
acl localnet src 192.168.100.0/24
acl ip dst 0.0.0.0/0.0.0.0
acl www urlpath_regex -i www.
acl http proto HTTP

#  TAG: http_access
#Recommended minimum configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny to_localhost
http_access allow government
http_access allow education
http_access allow google
http_access allow acenet
http_access allow localnet
http_access deny ip
http_access deny http
http_access allow www

#  TAG: http_reply_access