>ACLs don't seem to be checked when squid serves cached content (likely in >the interest of speed). Many thanks Chris for your generous offer and your suggestions. Also to Henrik for clarifying the structure of URLs. My frustration, which I tried to conceal in my posts, but which you detected, was due not to the unwanted object being in cache, but due to it's sailing past what I thought were three consecutive deny by default rules. I even inverted the permission in the last line, although it goes against my grain to write allow when I mean deny. Remember also, these rules were added to shore up the s8 build of Squid. They were not needed for the s5 build, where ACLs worked perfectly. I tested my rules again by dreaming up a url which was definitely not in cache, www.elephants.com. Alas, there is such a site and it is on screen and in cache now. It sailed past my deny by default rules. Is my syntax so bad that not one of these rules will deny all destinations not previously allowed? Is it OK to interleave definitions and rules in squid.conf to make it easier for me and others to follow my logic? e.g.:- acl government dstdom_regex -i .gov http_access allow government acl education dstdom_regex -i .edu http_access allow education acl google dstdomain .google.com.au http_access allow google acl ip dst 0.0.0.0/0.0.0.0 http_access deny ip Does this not deny all LAN and WAN destinations? acl http proto HTTP http_access deny http Does this not deny all HTTP requests? acl www url_regex -i www. http_access allow www Does this not deny all www URLs? In my discussions with Squid users in the OS/2 Usenet, I learned that they all stick with old versions of Squid because they ain't broke. It seems to me that both binaries I have tried are working without error, but not as intended. Have I just had bad luck in selecting recent binaries to work on my particular system? No one's honour is at stake here. I am just hoping that people with far more Squid experience than I, can point me to the cause of what seems to be an astoundingly elementary problem, when compared with the other challenges discussed in this mailing list.
