Search squid archive

Re: acl dstdomains does not block!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 






2009/4/6 Leslie Jensen <leslie@xxxxxxx>

Leslie Jensen wrote:
Hello

My Proxy, Squid-3.0.13 on FreeBSD 7.1-RELEASE-p4, is running fine but I
can't get the folowing to work.
# acl blocked_sites dstdomain .aftonbladet.se.
   acl blocked_sites dstdomain "/usr/local/etc/squid/dstdomain"
deny_info ERR_ACCESS_DENIED blocked_sites
                         http_access deny blocked_sites

I've tried both to list the domain in squid.conf and in the file
"/usr/local/etc/squid/dstdomain"
None of the options seems to work, no blocking occours. If I put in the
complete path to the ERR_ACCESS_DENIED, I get an error when I do squid
-NCd1
I suspect that maybe the order of the acl's can affect but I need some
help to diagnose the problem.
Yes order is important. Squid processes http_access stop-down and first
match wins.
ERR_ACCESS_DENIED is the default page displayed for "http_access deny".
you don't have to specify its use.
Amos
--
Do I dare ask if someone will take a look at my conf file?

I think I'm going blind looking at my rules! I believe I've done it right,
but obviously I have not. I need the acl dstdomain to work and I can't see
where I'm wrong.

I'v tried to define only one domain and I've tried with a file with domain
names, none of them seem to work.

I've also considered the order of my rules but I can't get it to work.

Please help! Thanks

/Leslie


----------------- snip -----------------


----------------- snip -----------------


Bharath Raghavendran skrev:
> Were you testing it with a non-localhost client? The only line i can
> see that can affect it is
> "http_access allow localhost" .. which means localhost gets access
> irrespective of the http_access directives that come after this one.
>
> btw, although this is not related to the problem, you have
> "http_access deny all" after "http_access deny blockedlist" ... which
> means even if request isnt in blockedlist, yet it will be denied ...
> which kind of makes blockedlist acl useless .. probably u didnt intend
> that.
>
> -Bharath
>


I'm testing with a host on localnet.

No, you are right I did not intend that. How do you suggest I go about configuring so that the localnet is affected by the acl blockedlist?

/Leslie

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux