Search squid archive

[squid-users] dstdomain acl is not working for IP addresses- squid-STABLE10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

     squid-STABLE10 ( compiled from the official source )
     Linux - Slackware

     I am having troubles with dstdomain acl.
     I have already looked at my confs and they seen to be correct.
     Could someone, please, help me to find what is the problem?

     My conf, and some example of files used there, are at the bottom.

     Lets use, arbitrary, for example, the domain: miniclip.com

     As could be seen in confs, I have this domain in dst_a(acl), but if I
try to acess www.miniclip.com using 66.165.172.181 ip address it
loads with no problem.

     I have tried some regex to get ip addresses in url_regex acl, but I
got some problems, as, for example, hotmail. When trying to download
files there, the URL is generated using ip addresses and gets
blocked. So, I have to get dstdomain working.

     I have a lot of more lines in dst_a.txt and porn_a.txt.

     Please, what did I miss?
     Thank you for your attention.

Freitas

squid.conf
----------

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -v3 -h
xxx.xxx.xxx.br -p 389 -s sub -b ou=people,dc=ourdc,dc=ourdc,dc=br -u uid
-D cn=useruser,ou=DSA,dc=ourdc,dc=ourdc,dc=ourdc -w our_pass -f uid=%s

auth_param basic children 25
auth_param basic realm Digite o usuario e a senha
auth_param basic credentialsttl 2 hours

external_acl_type ldapgroup concurrency=25 %LOGIN
/usr/local/squid/libexec/squid_ldap_group -v3 -h xxx.xxx.xxx.xxx -p 389 -B
ou=people,dc=ourdc,dc=ourdc,dc=ourdc -b
ou=groups,dc=ourdc,dc=ourdc,dc=ourdc -D
cn=useruser,ou=DSA,dc=ourdc,dc=ourdc,dc=ourdc -w our_pass -f
(&(objectClass=posixGroup)(gidNumber=%a)(memberUid=%v))

acl porn url_regex -i "/usr/local/squid/etc/porn.txt"
acl noporn url_regex -i "/usr/local/squid/etc/noporn.txt"
acl porn_a url_regex -i "/usr/local/squid/etc/porn_a.txt"
acl dst_a dstdomain "/usr/local/squid/etc/dst_a.txt"
acl noporn_a url_regex -i "/usr/local/squid/etc/noporn_a.txt"
acl porn_d url_regex -i "/usr/local/squid/etc/porn_d.txt"
acl noporn_d url_regex -i "/usr/local/squid/etc/noporn_d.txt"
acl porn_f url_regex -i "/usr/local/squid/etc/porn_f.txt"
acl noporn_f url_regex -i "/usr/local/squid/etc/noporn_f.txt"
acl porn_p url_regex -i "/usr/local/squid/etc/porn_p.txt"
acl noporn_p url_regex  -i "/usr/local/squid/etc/noporn_p.txt"

acl ldap-auth proxy_auth REQUIRED
acl ldap-group-d external ldapgroup 600
acl ldap-group-p external ldapgroup 601
acl ldap-group-f external ldapgroup 602
acl ldap-group-a external ldapgroup 513
acl our_networks src 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24
192.168.3.0/24 192.168.4.0/24 192.168.12.0/24 192.168.13.0/24
192.168.10.0/24 192.168.16.0/24 192.168.17.0/24 192.168.18.0/24
192.168.20.0/24 192.168.21.0/24

acl labnet src 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 192.168.4.0/24
#labnet is used in delay pools

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 81
acl Safe_ports port 82
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !our_networks
http_access deny !ldap-auth
http_access allow !porn_d ldap-group-d
http_access allow noporn_d ldap-group-d
http_access allow !porn_p ldap-group-p
http_access allow noporn_p ldap-group-p
http_access allow !porn_f ldap-group-f
http_access allow noporn_f ldap-group-f
http_access allow !dst_a !porn_a ldap-group-a
http_access allow !dst_a noporn_a ldap-group-a
http_access deny all

http_reply_access allow all

icp_access allow our_networks
icp_access deny all

miss_access allow our_networks
miss_access deny all

dst_a.txt
---------
.miniclip.com

porn_a.txt
----------
batepapo


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux