Merdouille wrote:
I used :
http_access allow manager localhost
http_access allow localnet PROTO METHOD
http_access deny all !port
I try to add deny_info options :
deny_info TCP_RESET !manager !localhost
deny_info TCP_RESET !localnet
deny_info TCP_RESET !all
or
deny_info TCP_RESET manager localhost
deny_info TCP_RESET localnet
deny_info TCP_RESET all
But i'allways have an error message "Access control configuration prevents
your request from
being allowed at this time. Please contact your service provider if
you feel this is incorrect.
etc"
Instead ofan effective TCP_reset
deny_info requires a single ACL name.
When ACL with that name is the last on the http_access line doing a
"deny" action the deny_info page/action will be given.
None of your ACL listed for deny_info are the last on their lines.
Only 'port' is on a line doing deny.
Please note that TCP_RESET when used will not prevent abusive hosts, but
risks a mini DDoS against yourself as clients attempt to reconnect the
failed link. Use carefully.
If I may say so you have the weirdest config I've seen in months. What
exactly are you trying to do with your Squid?
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
Current Beta Squid 3.1.0.6
