Thanks both, In fact there was a acl all lost in the config file, it was there sinse 2.x version, I think in 2.x version there was a acl all by default. Ok it's solved :) Jorge > -----Original Message----- > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] > Sent: sábado, 26 de Julho de 2008 6:11 > To: Leonardo Rodrigues Magalhães > Cc: ML squid > Subject: Re: ACL named "all" > > Leonardo Rodrigues Magalhães wrote: > > > > > > Jorge Bastos escreveu: > >> Hi people, > >> > >> Since first 3.0 version i've noticed this: > >> 2008/07/25 21:56:24| WARNING: '0.0.0.0/0.0.0.0' is a subnetwork of > >> '192.168.1.0/255.255.255.0' > >> 2008/07/25 21:56:24| WARNING: because of this > >> '192.168.1.0/255.255.255.0' is > >> ignored to keep splay tree searching predictable > >> 2008/07/25 21:56:24| WARNING: You should probably remove > >> '0.0.0.0/0.0.0.0' > >> from the ACL named 'all' > >> > >> But now saw on the STABLE8 version changelog: > >> - Update Release Notes: 'all' ACL is built-in since > 3.0.STABLE1 > >> > >> So, how should I remote this warning? > >> > >> > > > > in squid 3.0 the 'all' acl is built-in. So if you try to define it > in > > your squid.conf, than you'll be redefining an already defined ACL. > > > > How to remove the warning ?? simply remove the 'acl all src > > 0.0.0.0/0.0.0.0' line from your squid.conf !!! Defining this ACL is > no > > longer necessary in squid 3.0 STABLE1 and newers. > > > > Adding to that ... It looks like whomever configured your squid used > 'all' (whole internet) when they really mean local-network. This has > serious security implications, which is part of why its now built-in. > > In addition to removing the all ACL definition from your squid.conf. > You > in particular need to audit your config access lines to make sure they > still perform according to your policies. > > Amos > -- > Please use Squid 2.7.STABLE3 or 3.0.STABLE8
