ACLs and localhost

"paul cooper" <pdcooper@xxxxxxxxxxxxxxxx> · Sun, 23 Mar 2008 17:51:38 -0000 (UTC)

4 users , 1 machine, with squid running and a GUI

Im having problems getting the time-based ACLs sorted. To test it ive
added a sat/sun ACL which should allow access between 08:00 and 10:00

 Config 1

hepworth emma # cat /etc/squid/squid.conf |grep ^acl
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl andrew proxy_auth REQUIRED
acl emma proxy_auth REQUIRED
acl QUERY urlpath_regex cgi-bin \?
acl apache rep_header Server ^Apache
acl weekends time SA 08:00-10:00
acl beforeschool  time MTWHF 07:30-09:00
acl afterschool  time  MTWHF 16:00-20:00
hepworth emma # cat /etc/squid/squid.conf |grep  ^http
http_port 3128
http_access allow emma weekends
http_access allow Safe_ports
http_access allow andrew
http_access deny localhost
http_access deny all

it asks me for a login (emma) and  then gives access

2008/03/23 16:05:44| aclCheckFast: list: 0x82a7748
2008/03/23 16:05:44| aclMatchAclList: checking all
2008/03/23 16:05:44| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:05:44| aclMatchIp: '127.0.0.1' found
2008/03/23 16:05:44| aclMatchAclList: returning 1
2008/03/23 16:05:44| aclCheck: checking 'http_access allow emma weekends'
2008/03/23 16:05:44| aclMatchAclList: checking emma
2008/03/23 16:05:44| aclMatchAcl: checking 'acl emma proxy_auth REQUIRED'
2008/03/23 16:05:44| aclMatchAcl: returning 0 sending authentication
challenge.
2008/03/23 16:05:44| aclMatchAclList: no match, returning 0
2008/03/23 16:05:44| aclCheck: requiring Proxy Auth header.
2008/03/23 16:05:44| aclCheck: match found, returning 2
2008/03/23 16:05:44| aclCheckCallback: answer=2
2008/03/23 16:05:44| The request GET http://grolma.no-ip.org/ is DENIED,
because it matched 'emma'
2008/03/23 16:05:44| The reply for GET http://grolma.no-ip.org/ is
ALLOWED, because it matched 'emma'
2008/03/23 16:05:49| aclCheckFast: list: 0x82a7748
2008/03/23 16:05:49| aclMatchAclList: checking all
2008/03/23 16:05:49| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:05:49| aclMatchIp: '127.0.0.1' found
2008/03/23 16:05:49| aclMatchAclList: returning 1
2008/03/23 16:05:50| aclCheck: checking 'http_access allow emma weekends'
2008/03/23 16:05:50| aclMatchAclList: checking emma
2008/03/23 16:05:50| aclMatchAcl: checking 'acl emma proxy_auth REQUIRED'
2008/03/23 16:05:50| aclMatchAcl: returning 0 sending credentials to helper.
2008/03/23 16:05:50| aclMatchAclList: no match, returning 0
2008/03/23 16:05:50| aclCheck: checking password via authenticator
2008/03/23 16:05:50| aclCheck: checking 'http_access allow emma weekends'
2008/03/23 16:05:50| aclMatchAclList: checking emma
2008/03/23 16:05:50| aclMatchAcl: checking 'acl emma proxy_auth REQUIRED'
2008/03/23 16:05:50| aclMatchUser: user is emma, case_insensitive is 0
2008/03/23 16:05:50| Top is (nil), Top->data is Unavailable
2008/03/23 16:05:50| aclMatchUser: user REQUIRED and auth-info present.
2008/03/23 16:05:50| aclMatchAclList: checking weekends
2008/03/23 16:05:50| aclMatchAcl: checking 'acl weekends time SA 08:00-10:00'
2008/03/23 16:05:50| aclMatchTime: checking 965 in 480-600, weekbits=41
2008/03/23 16:05:50| aclMatchAclList: no match, returning 0
2008/03/23 16:05:50| aclCheck: checking 'http_access allow Safe_ports'
2008/03/23 16:05:50| aclMatchAclList: checking Safe_ports
2008/03/23 16:05:50| aclMatchAcl: checking 'acl Safe_ports port 80 # http'
2008/03/23 16:05:50| aclMatchAclList: returning 1
2008/03/23 16:05:50| aclCheck: match found, returning 1
2008/03/23 16:05:50| aclCheckCallback: answer=1
2008/03/23 16:05:50| The request GET http://grolma.no-ip.org/ is ALLOWED,
because it matched 'Safe_ports'
2008/03/23 16:05:50| aclCheck: checking 'cache deny QUERY'
2008/03/23 16:05:50| aclMatchAclList: checking QUERY
2008/03/23 16:05:50| aclMatchAcl: checking 'acl QUERY urlpath_regex
cgi-bin \?'
2008/03/23 16:05:50| aclMatchRegex: checking '/'
2008/03/23 16:05:50| aclMatchRegex: looking for 'cgi-bin'
2008/03/23 16:05:50| aclMatchRegex: looking for '\?'
2008/03/23 16:05:50| aclMatchAclList: no match, returning 0
2008/03/23 16:05:50| aclCheck: NO match found, returning 1
2008/03/23 16:05:50| aclCheckCallback: answer=1
2008/03/23 16:05:50| clientProcessHit: HIT
2008/03/23 16:05:50| aclCheckFast: list: 0x82a7df8
2008/03/23 16:05:50| aclMatchAclList: checking all
2008/03/23 16:05:50| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:05:50| aclMatchIp: '127.0.0.1' found
2008/03/23 16:05:50| aclMatchAclList: returning 1
2008/03/23 16:05:50| aclCheck: checking 'http_reply_access allow all'
2008/03/23 16:05:50| aclMatchAclList: checking all
2008/03/23 16:05:50| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:05:50| aclMatchIp: '127.0.0.1' found
2008/03/23 16:05:50| aclMatchAclList: returning 1
2008/03/23 16:05:50| aclCheck: match found, returning 1
2008/03/23 16:05:50| aclCheckCallback: answer=1
2008/03/23 16:05:50| The reply for GET http://grolma.no-ip.org/ is
ALLOWED, because it matched 'all'
2008/03/23 16:05:50| aclCheckFast: list: 0x82a7748
2008/03/23 16:05:50| aclMatchAclList: checking all
2008/03/23 16:05:50| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:05:50| aclMatchIp: '127.0.0.1' found
2008/03/23 16:05:50| aclMatchAclList: returning 1
2008/03/23 16:05:50| aclCheck: checking 'http_access allow emma weekends'
2008/03/23 16:05:50| aclMatchAclList: checking emma
2008/03/23 16:05:50| aclMatchAcl: checking 'acl emma proxy_auth REQUIRED'
2008/03/23 16:05:50| aclCacheMatchAcl: cache hit on acl '0x82a7d38'
2008/03/23 16:05:50| aclMatchAclList: checking weekends
2008/03/23 16:05:50| aclMatchAcl: checking 'acl weekends time SA 08:00-10:00'
2008/03/23 16:05:50| aclMatchTime: checking 965 in 480-600, weekbits=41
2008/03/23 16:05:50| aclMatchAclList: no match, returning 0
2008/03/23 16:05:50| aclCheck: checking 'http_access allow Safe_ports'
2008/03/23 16:05:50| aclMatchAclList: checking Safe_ports
2008/03/23 16:05:50| aclMatchAcl: checking 'acl Safe_ports port 80 # http'
2008/03/23 16:05:50| aclMatchAclList: returning 1
2008/03/23 16:05:50| aclCheck: match found, returning 1
2008/03/23 16:05:50| aclCheckCallback: answer=1
2008/03/23 16:05:50| The request GET http://grolma.no-ip.org/favicon.ico
is ALLOWED, because it matched 'Safe_ports'
2008/03/23 16:05:50| aclCheck: checking 'cache deny QUERY'
2008/03/23 16:05:50| aclMatchAclList: checking QUERY
2008/03/23 16:05:50| aclMatchAcl: checking 'acl QUERY urlpath_regex
cgi-bin \?'
2008/03/23 16:05:50| aclMatchRegex: checking '/favicon.ico'
2008/03/23 16:05:50| aclMatchRegex: looking for 'cgi-bin'
2008/03/23 16:05:50| aclMatchRegex: looking for '\?'
2008/03/23 16:05:50| aclMatchAclList: no match, returning 0
2008/03/23 16:05:50| aclCheck: NO match found, returning 1
2008/03/23 16:05:50| aclCheckCallback: answer=1
2008/03/23 16:05:50| aclCheckFast: list: (nil)
2008/03/23 16:05:50| aclCheckFast: no matches, returning: 1
2008/03/23 16:05:50| aclCheckFast: list: 0x82a7df8
2008/03/23 16:05:50| aclMatchAclList: checking all
2008/03/23 16:05:50| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:05:50| aclMatchIp: '127.0.0.1' found
2008/03/23 16:05:50| aclMatchAclList: returning 1
2008/03/23 16:05:50| aclCheck: checking 'http_reply_access allow all'
2008/03/23 16:05:50| aclMatchAclList: checking all
2008/03/23 16:05:50| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:05:50| aclMatchIp: '127.0.0.1' found
2008/03/23 16:05:50| aclMatchAclList: returning 1
2008/03/23 16:05:50| aclCheck: match found, returning 1
2008/03/23 16:05:50| aclCheckCallback: answer=1
2008/03/23 16:05:50| The reply for GET http://grolma.no-ip.org/favicon.ico
is ALLOWED, because it matched 'all'

so i negate the time , and it still gives me access

hepworth emma # cat /etc/squid/squid.conf |grep ^http
http_port 3128
http_access allow emma !weekends
http_access allow Safe_ports
http_access allow andrew
http_access deny localhost
http_access deny all
hepworth emma #
2008/03/23 16:10:41| aclCheckFast: list: 0x82a7748
2008/03/23 16:10:41| aclMatchAclList: checking all
2008/03/23 16:10:41| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:10:41| aclMatchIp: '127.0.0.1' found
2008/03/23 16:10:41| aclMatchAclList: returning 1
2008/03/23 16:10:41| aclCheck: checking 'http_access allow emma !weekends'
2008/03/23 16:10:41| aclMatchAclList: checking emma
2008/03/23 16:10:41| aclMatchAcl: checking 'acl emma proxy_auth REQUIRED'
2008/03/23 16:10:41| aclMatchAcl: returning 0 sending authentication
challenge.
2008/03/23 16:10:41| aclMatchAclList: no match, returning 0
2008/03/23 16:10:41| aclCheck: requiring Proxy Auth header.
2008/03/23 16:10:41| aclCheck: match found, returning 2
2008/03/23 16:10:41| aclCheckCallback: answer=2
2008/03/23 16:10:41| The request GET http://grolma.no-ip.org/ is DENIED,
because it matched 'emma'
2008/03/23 16:10:41| The reply for GET http://grolma.no-ip.org/ is
ALLOWED, because it matched 'emma'
2008/03/23 16:10:47| aclCheckFast: list: 0x82a7748
2008/03/23 16:10:47| aclMatchAclList: checking all
2008/03/23 16:10:47| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:10:47| aclMatchIp: '127.0.0.1' found
2008/03/23 16:10:47| aclMatchAclList: returning 1
2008/03/23 16:10:47| aclCheck: checking 'http_access allow emma !weekends'
2008/03/23 16:10:47| aclMatchAclList: checking emma
2008/03/23 16:10:47| aclMatchAcl: checking 'acl emma proxy_auth REQUIRED'
2008/03/23 16:10:47| aclMatchAcl: returning 0 sending credentials to helper.
2008/03/23 16:10:47| aclMatchAclList: no match, returning 0
2008/03/23 16:10:47| aclCheck: checking password via authenticator
2008/03/23 16:10:47| aclCheck: checking 'http_access allow emma !weekends'
2008/03/23 16:10:47| aclMatchAclList: checking emma
2008/03/23 16:10:47| aclMatchAcl: checking 'acl emma proxy_auth REQUIRED'
2008/03/23 16:10:47| aclMatchUser: user is emma, case_insensitive is 0
2008/03/23 16:10:47| Top is (nil), Top->data is Unavailable
2008/03/23 16:10:47| aclMatchUser: user REQUIRED and auth-info present.
2008/03/23 16:10:47| aclMatchAclList: checking !weekends
2008/03/23 16:10:47| aclMatchAcl: checking 'acl weekends time SA 08:00-10:00'
2008/03/23 16:10:47| aclMatchTime: checking 970 in 480-600, weekbits=41
2008/03/23 16:10:47| aclMatchAclList: returning 1
2008/03/23 16:10:47| aclCheck: match found, returning 1
2008/03/23 16:10:47| aclCheckCallback: answer=1
2008/03/23 16:10:47| The request GET http://grolma.no-ip.org/ is ALLOWED,
because it matched 'weekends'
2008/03/23 16:10:47| aclCheck: checking 'cache deny QUERY'
2008/03/23 16:10:47| aclMatchAclList: checking QUERY
2008/03/23 16:10:47| aclMatchAcl: checking 'acl QUERY urlpath_regex
cgi-bin \?'
2008/03/23 16:10:47| aclMatchRegex: checking '/'
2008/03/23 16:10:47| aclMatchRegex: looking for 'cgi-bin'
2008/03/23 16:10:47| aclMatchRegex: looking for '\?'
2008/03/23 16:10:47| aclMatchAclList: no match, returning 0
2008/03/23 16:10:47| aclCheck: NO match found, returning 1
2008/03/23 16:10:47| aclCheckCallback: answer=1
2008/03/23 16:10:47| clientProcessHit: HIT
2008/03/23 16:10:47| aclCheckFast: list: 0x82a7df8
2008/03/23 16:10:47| aclMatchAclList: checking all
2008/03/23 16:10:47| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:10:47| aclMatchIp: '127.0.0.1' found
2008/03/23 16:10:47| aclMatchAclList: returning 1
2008/03/23 16:10:47| aclCheck: checking 'http_reply_access allow all'
2008/03/23 16:10:47| aclMatchAclList: checking all
2008/03/23 16:10:47| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:10:47| aclMatchIp: '127.0.0.1' found
2008/03/23 16:10:47| aclMatchAclList: returning 1
2008/03/23 16:10:47| aclCheck: match found, returning 1
2008/03/23 16:10:47| aclCheckCallback: answer=1
2008/03/23 16:10:47| The reply for GET http://grolma.no-ip.org/ is
ALLOWED, because it matched 'all'
2008/03/23 16:10:47| aclCheckFast: list: 0x82a7748
2008/03/23 16:10:47| aclMatchAclList: checking all
2008/03/23 16:10:47| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:10:47| aclMatchIp: '127.0.0.1' found
2008/03/23 16:10:47| aclMatchAclList: returning 1
2008/03/23 16:10:47| aclCheck: checking 'http_access allow emma !weekends'
2008/03/23 16:10:47| aclMatchAclList: checking emma
2008/03/23 16:10:47| aclMatchAcl: checking 'acl emma proxy_auth REQUIRED'
2008/03/23 16:10:47| aclCacheMatchAcl: cache hit on acl '0x82a7d38'
2008/03/23 16:10:47| aclMatchAclList: checking !weekends
2008/03/23 16:10:47| aclMatchAcl: checking 'acl weekends time SA 08:00-10:00'
2008/03/23 16:10:47| aclMatchTime: checking 970 in 480-600, weekbits=41
2008/03/23 16:10:47| aclMatchAclList: returning 1
2008/03/23 16:10:47| aclCheck: match found, returning 1
2008/03/23 16:10:47| aclCheckCallback: answer=1
2008/03/23 16:10:47| The request GET http://grolma.no-ip.org/favicon.ico
is ALLOWED, because it matched 'weekends'
2008/03/23 16:10:47| aclCheck: checking 'cache deny QUERY'
2008/03/23 16:10:47| aclMatchAclList: checking QUERY
2008/03/23 16:10:47| aclMatchAcl: checking 'acl QUERY urlpath_regex
cgi-bin \?'
2008/03/23 16:10:47| aclMatchRegex: checking '/favicon.ico'
2008/03/23 16:10:47| aclMatchRegex: looking for 'cgi-bin'
2008/03/23 16:10:47| aclMatchRegex: looking for '\?'
2008/03/23 16:10:47| aclMatchAclList: no match, returning 0
2008/03/23 16:10:47| aclCheck: NO match found, returning 1
2008/03/23 16:10:47| aclCheckCallback: answer=1
2008/03/23 16:10:47| aclCheckFast: list: (nil)
2008/03/23 16:10:47| aclCheckFast: no matches, returning: 1
2008/03/23 16:10:47| aclCheckFast: list: 0x82a7df8
2008/03/23 16:10:47| aclMatchAclList: checking all
2008/03/23 16:10:47| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:10:47| aclMatchIp: '127.0.0.1' found
2008/03/23 16:10:47| aclMatchAclList: returning 1
2008/03/23 16:10:47| aclCheck: checking 'http_reply_access allow all'
2008/03/23 16:10:47| aclMatchAclList: checking all
2008/03/23 16:10:47| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:10:47| aclMatchIp: '127.0.0.1' found
2008/03/23 16:10:47| aclMatchAclList: returning 1
2008/03/23 16:10:47| aclCheck: match found, returning 1
2008/03/23 16:10:47| aclCheckCallback: answer=1
2008/03/23 16:10:47| The reply for GET http://grolma.no-ip.org/favicon.ico
is ALLOWED, because it matched 'all'

so i try denying emma and it gives me access without asking for a username

hepworth emma # cat /etc/squid/squid.conf |grep ^http
http_port 3128
http_access allow Safe_ports
http_access allow andrew
http_access deny localhost
http_access deny emma
http_access deny all
hepworth emma #

008/03/23 16:14:32| aclCheckFast: list: 0x82a7748
2008/03/23 16:14:32| aclMatchAclList: checking all
2008/03/23 16:14:32| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:14:32| aclMatchIp: '127.0.0.1' found
2008/03/23 16:14:32| aclMatchAclList: returning 1
2008/03/23 16:14:32| aclCheck: checking 'http_access allow Safe_ports'
2008/03/23 16:14:32| aclMatchAclList: checking Safe_ports
2008/03/23 16:14:32| aclMatchAcl: checking 'acl Safe_ports port 80 # http'
2008/03/23 16:14:32| aclMatchAclList: returning 1
2008/03/23 16:14:32| aclCheck: match found, returning 1
2008/03/23 16:14:32| aclCheckCallback: answer=1
2008/03/23 16:14:32| The request GET http://grolma.no-ip.org/ is ALLOWED,
because it matched 'Safe_ports'
2008/03/23 16:14:32| aclCheck: checking 'cache deny QUERY'
2008/03/23 16:14:32| aclMatchAclList: checking QUERY
2008/03/23 16:14:32| aclMatchAcl: checking 'acl QUERY urlpath_regex
cgi-bin \?'
2008/03/23 16:14:32| aclMatchRegex: checking '/'
2008/03/23 16:14:32| aclMatchRegex: looking for 'cgi-bin'
2008/03/23 16:14:32| aclMatchRegex: looking for '\?'
2008/03/23 16:14:32| aclMatchAclList: no match, returning 0
2008/03/23 16:14:32| aclCheck: NO match found, returning 1
2008/03/23 16:14:32| aclCheckCallback: answer=1
2008/03/23 16:14:32| aclCheckFast: list: (nil)
2008/03/23 16:14:32| aclCheckFast: no matches, returning: 1
2008/03/23 16:14:32| aclCheckFast: list: 0x82a7df8
2008/03/23 16:14:32| aclMatchAclList: checking all
2008/03/23 16:14:32| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:14:32| aclMatchIp: '127.0.0.1' found
2008/03/23 16:14:32| aclMatchAclList: returning 1
2008/03/23 16:14:32| aclCheck: checking 'http_reply_access allow all'
2008/03/23 16:14:32| aclMatchAclList: checking all
2008/03/23 16:14:32| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:14:32| aclMatchIp: '127.0.0.1' found
2008/03/23 16:14:32| aclMatchAclList: returning 1
2008/03/23 16:14:32| aclCheck: match found, returning 1
2008/03/23 16:14:32| aclCheckCallback: answer=1
2008/03/23 16:14:32| The reply for GET http://grolma.no-ip.org/ is
ALLOWED, because it matched 'all'
2008/03/23 16:14:32| aclCheckFast: list: 0x82a7748
2008/03/23 16:14:32| aclMatchAclList: checking all
2008/03/23 16:14:32| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:14:32| aclMatchIp: '127.0.0.1' found
2008/03/23 16:14:32| aclMatchAclList: returning 1
2008/03/23 16:14:33| aclCheck: checking 'http_access allow Safe_ports'
2008/03/23 16:14:33| aclMatchAclList: checking Safe_ports
2008/03/23 16:14:33| aclMatchAcl: checking 'acl Safe_ports port 80 # http'
2008/03/23 16:14:33| aclMatchAclList: returning 1
2008/03/23 16:14:33| aclCheck: match found, returning 1
2008/03/23 16:14:33| aclCheckCallback: answer=1
2008/03/23 16:14:33| The request GET http://grolma.no-ip.org/favicon.ico
is ALLOWED, because it matched 'Safe_ports'
2008/03/23 16:14:33| aclCheck: checking 'cache deny QUERY'
2008/03/23 16:14:33| aclMatchAclList: checking QUERY
2008/03/23 16:14:33| aclMatchAcl: checking 'acl QUERY urlpath_regex
cgi-bin \?'
2008/03/23 16:14:33| aclMatchRegex: checking '/favicon.ico'
2008/03/23 16:14:33| aclMatchRegex: looking for 'cgi-bin'
2008/03/23 16:14:33| aclMatchRegex: looking for '\?'
2008/03/23 16:14:33| aclMatchAclList: no match, returning 0
2008/03/23 16:14:33| aclCheck: NO match found, returning 1
2008/03/23 16:14:33| aclCheckCallback: answer=1
2008/03/23 16:14:33| aclCheckFast: list: (nil)
2008/03/23 16:14:33| aclCheckFast: no matches, returning: 1
2008/03/23 16:15:04| aclCheckFast: list: 0x82a7df8
2008/03/23 16:15:04| aclMatchAclList: checking all
2008/03/23 16:15:04| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:15:04| aclMatchIp: '127.0.0.1' found
2008/03/23 16:15:04| aclMatchAclList: returning 1
2008/03/23 16:15:04| aclCheck: checking 'http_reply_access allow all'
2008/03/23 16:15:04| aclMatchAclList: checking all
2008/03/23 16:15:04| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/23 16:15:04| aclMatchIp: '127.0.0.1' found
2008/03/23 16:15:04| aclMatchAclList: returning 1
2008/03/23 16:15:04| aclCheck: match found, returning 1
2008/03/23 16:15:04| aclCheckCallback: answer=1
2008/03/23 16:15:04| The reply for GET http://grolma.no-ip.org/favicon.ico
is ALLOWED, because it matched 'all'

I think its giving me access from localhost.
Ive commented out  all the  default localhost configs and added http_acess
deny localhost but its not stopping it
How do i configure this ?