On Monday 03 April 2006 11:54, Henrik Nordstrom wrote: > mån 2006-04-03 klockan 09:08 -0600 skrev Dmitry S. Makovey: > > Yes - it's a restrictive reverse proxy, or gateway if you wish - > > Machines are not allowed to do outbound connections themselves > > and all the outbound traffic is being filtered based on network > > machine belongs to and other criteria. Posted ruleset was just a > > beginning of what I intend to do but even as "simple" as it is it > > didn't work. > > The reason why I ask is because http_reply_access is "post mortem" > access controls, meant to complement your http_access rules with > additional rules which can only be resolved when the request has > been forwarded and the reply is coming back. Prime example is > checking the response mime type. that is exactly what I'm trying to do: I need to check if incoming filetype is XML and only XML is being passed back to client. > To get to http_reply_access you must first pass http_access. I think I resolved this one... at least log file reports this as being passed. But now I've got completely new problem: Squid seems to be falling into some loop with output like: 2006/04/03 13:50:59| aclMatchAclList: checking from_clients 2006/04/03 13:50:59| aclMatchAcl: checking 'acl from_clients src 192.168.1.0/255.255.255.0' 2006/04/03 13:50:59| aclMatchIp: '192.168.1.6' found 2006/04/03 13:50:59| aclMatchAclList: returning 1 2006/04/03 13:50:59| aclCheckFast: list: (nil) 2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1 2006/04/03 13:50:59| aclCheckFast: list: (nil) 2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1 2006/04/03 13:50:59| aclCheckFast: list: (nil) 2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1 2006/04/03 13:50:59| aclCheckFast: list: (nil) 2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1 2006/04/03 13:50:59| aclCheckFast: list: (nil) 2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1 2006/04/03 13:50:59| aclCheckFast: list: (nil) 2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1 2006/04/03 13:50:59| aclCheckFast: list: (nil) 2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1 2006/04/03 13:50:59| aclCheckFast: list: (nil) 2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1 2006/04/03 13:50:59| aclCheckFast: list: (nil) 2006/04/03 13:50:59| aclCheckFast: no matches, returning: 1 2006/04/03 13:50:59| aclCheckFast: list: 0x9acd910 and from one request it generates about 200M worth of logs! 8-O I can re-post my squid.conf if that helps. -- Dmitry Makovey Web Systems Administrator Athabasca University (780) 675-6245
Attachment:
pgpagNSCpBvTT.pgp
Description: PGP signature