
Re: acl dstdomains does not block!


 



Leslie Jensen wrote:



2009/4/6 Leslie Jensen <leslie@xxxxxxx>

Leslie Jensen wrote:
Hello

My Proxy, Squid-3.0.13 on FreeBSD 7.1-RELEASE-p4, is running fine but I
can't get the following to work.

# acl blocked_sites dstdomain .aftonbladet.se.
acl blocked_sites dstdomain "/usr/local/etc/squid/dstdomain"
deny_info ERR_ACCESS_DENIED blocked_sites
http_access deny blocked_sites

I've tried both to list the domain in squid.conf and in the file
"/usr/local/etc/squid/dstdomain"
None of the options seems to work; no blocking occurs. If I put in the
complete path to the ERR_ACCESS_DENIED, I get an error when I do squid
-NCd1
I suspect that maybe the order of the acl's can affect but I need some
help to diagnose the problem.

Yes order is important. Squid processes http_access top-down and first
match wins.
ERR_ACCESS_DENIED is the default page displayed for "http_access deny".
You don't have to specify its use.
Amos
--
Do I dare ask if someone will take a look at my conf file?

I think I'm going blind looking at my rules! I believe I've done it right, but obviously I have not. I need the acl dstdomain to work and I can't see
where I'm wrong.

I've tried to define only one domain and I've tried with a file with domain
names, none of them seem to work.

I've also considered the order of my rules but I can't get it to work.

Please help! Thanks

/Leslie


----------------- snip -----------------


----------------- snip -----------------


Bharath Raghavendran skrev:
 > Were you testing it with a non-localhost client? The only line I can
 > see that can affect it is
 > "http_access allow localhost" .. which means localhost gets access
 > irrespective of the http_access directives that come after this one.
 >
 > btw, although this is not related to the problem, you have
 > "http_access deny all" after "http_access deny blockedlist" ... which
 > means even if request isn't in blockedlist, yet it will be denied ...
 > which kind of makes blockedlist acl useless .. probably you didn't intend
 > that.
 >
 > -Bharath
 >


I'm testing with a host on localnet.

No, you are right I did not intend that. How do you suggest I go about configuring so that the localnet is affected by the acl blockedlist?

/Leslie

Um, the config you showed simplifies down to:

 allow localhost access anywhere.
 deny anything else. Period.

I think you want:

#
#     If we want to block certain sites.
#
#     acl blockedsites dstdomain .aftonbladet.se.
     acl blockedsites dstdomain .squid-cache.org
#     acl blockedsites dstdomain "/usr/local/etc/squid/dstdomain"
#
#     Show message when blocked
#     deny_info ERR_ACCESS_DENIED blocked_sites
#
     http_access deny blockedsites

# allow local network to other sites.

  http_access allow localhost
  http_access allow localnet

#
#     And deny all other access to this proxy
#
     http_access deny all


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.6
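
Added example, not part of the original thread and not Squid's own code: a simplified Python model of top-down, first-match http_access evaluation, comparing the rule order suggested above with a constructed variant that places the allow rules before the deny. The localnet range, the client addresses and the ALLOW_FIRST ordering are assumptions made for illustration.

```python
import ipaddress

def dstdomain_match(pattern, host):
    # ".example.org" matches example.org and every subdomain;
    # "example.org" (no leading dot) matches that exact host only.
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def acl_match(acl, client_ip, host):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":
        return any(dstdomain_match(v, host) for v in values)
    raise ValueError("unsupported acl type: " + kind)

def http_access(rules, acls, client_ip, host):
    # Rules are checked top-down; the first one whose ACL matches decides.
    for action, name in rules:
        if acl_match(acls[name], client_ip, host):
            return action
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return "allow" if rules[-1][0] == "deny" else "deny"

ACLS = {
    "all": ("src", ["0.0.0.0/0"]),
    "localhost": ("src", ["127.0.0.1/32"]),
    "localnet": ("src", ["192.168.0.0/16"]),  # assumed range, not from the thread
    "blockedsites": ("dstdomain", [".squid-cache.org"]),
}

# Order suggested in the reply above: deny the blocked sites first.
DENY_FIRST = [("deny", "blockedsites"), ("allow", "localhost"),
              ("allow", "localnet"), ("deny", "all")]
# Constructed counter-example: same rules, allows placed before the deny.
ALLOW_FIRST = [("allow", "localhost"), ("allow", "localnet"),
               ("deny", "blockedsites"), ("deny", "all")]

if __name__ == "__main__":
    for label, rules in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        for client, host in (("192.168.1.20", "www.squid-cache.org"),
                             ("192.168.1.20", "example.org"),
                             ("203.0.113.5", "example.org")):
            print(label, client, host, http_access(rules, ACLS, client, host))
```

With the allow rules first, the localnet client matches "allow localnet" before the blocked-site rule is ever evaluated, so the dstdomain ACL has no effect for that client.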
