Leslie Jensen wrote:
2009/4/6 Leslie Jensen <leslie@xxxxxxx>
Leslie Jensen wrote:
Hello
My Proxy, Squid-3.0.13 on FreeBSD 7.1-RELEASE-p4, is running fine but I
can't get the following to work.
# acl blocked_sites dstdomain .aftonbladet.se.
acl blocked_sites dstdomain "/usr/local/etc/squid/dstdomain"
deny_info ERR_ACCESS_DENIED blocked_sites
http_access deny blocked_sites
I've tried both to list the domain in squid.conf and in the file
"/usr/local/etc/squid/dstdomain"
None of the options seems to work, no blocking occurs. If I put in the
complete path to the ERR_ACCESS_DENIED, I get an error when I do
squid -NCd1
I suspect that maybe the order of the acl's can affect but I need some
help to diagnose the problem.
Yes, order is important. Squid processes http_access top-down and first
match wins.
ERR_ACCESS_DENIED is the default page displayed for "http_access deny".
You don't have to specify its use.
Amos
--
Do I dare ask if someone will take a look at my conf file?
I think I'm going blind looking at my rules! I believe I've done it right,
but obviously I have not. I need the acl dstdomain to work and I can't see
where I'm wrong.
I've tried to define only one domain and I've tried with a file with domain
names, none of them seem to work.
I've also considered the order of my rules but I can't get it to work.
Please help! Thanks
/Leslie
----------------- snip -----------------
----------------- snip -----------------
Bharath Raghavendran wrote:
> Were you testing it with a non-localhost client? The only line I can
> see that can affect it is
> "http_access allow localhost" .. which means localhost gets access
> irrespective of the http_access directives that come after this one.
>
> btw, although this is not related to the problem, you have
> "http_access deny all" after "http_access deny blockedlist" ... which
> means even if the request isn't in blockedlist, it will still be denied ...
> which kind of makes the blockedlist acl useless .. probably you didn't
> intend that.
>
> -Bharath
>
I'm testing with a host on localnet.
No, you are right I did not intend that. How do you suggest I go about
configuring so that the localnet is affected by the acl blockedlist?
/Leslie
Um, the config you showed simplifies down to:
allow localhost access anywhere.
deny anything else. Period.
I think you want:
#
# If we want to block certain sites.
#
# acl blockedsites dstdomain .aftonbladet.se.
acl blockedsites dstdomain .squid-cache.org
# acl blockedsites dstdomain "/usr/local/etc/squid/dstdomain"
#
# Show message when blocked
# deny_info ERR_ACCESS_DENIED blocked_sites
#
http_access deny blockedsites
# allow local network to other sites.
http_access allow localhost
http_access allow localnet
#
# And deny all other access to this proxy
#
http_access deny all
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
Current Beta Squid 3.1.0.6
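
Added example, not part of the original thread and not Squid's own code: a simplified Python model of the top-down, first-match-wins http_access evaluation discussed above, comparing the rule order from the last reply with a constructed order that puts the allow rules first. The function names, the rule lists and the localnet range 192.168.0.0/16 are assumptions made for illustration.

```python
import ipaddress

def dstdomain(pattern):
    """dstdomain match: a leading dot covers the domain and its subdomains."""
    p = pattern.lower()
    if p.startswith("."):
        return lambda req: req["host"] == p[1:] or req["host"].endswith(p)
    return lambda req: req["host"] == p

def src(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda req: ipaddress.ip_address(req["src"]) in net

# ACL definitions; the address ranges are assumptions for this example.
ACLS = {
    "all": lambda req: True,
    "localhost": src("127.0.0.1/32"),
    "localnet": src("192.168.0.0/16"),
    "blockedsites": dstdomain(".squid-cache.org"),
}

def http_access(rules, req):
    """Walk the rules top-down; the first rule whose ACL matches decides."""
    for action, acl in rules:
        if ACLS[acl](req):
            return action
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Order suggested in the last reply: the deny rule precedes the allows.
DENY_FIRST = [("deny", "blockedsites"), ("allow", "localhost"),
              ("allow", "localnet"), ("deny", "all")]
# Constructed misordering (not the snipped config): allows come first.
ALLOW_FIRST = [("allow", "localhost"), ("allow", "localnet"),
               ("deny", "blockedsites"), ("deny", "all")]

def decide(rules, src_ip, host):
    return http_access(rules, {"src": src_ip, "host": host.lower()})

if __name__ == "__main__":
    for name, rules in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        for ip in ("192.168.1.20", "127.0.0.1", "203.0.113.9"):
            for host in ("www.squid-cache.org", "example.net"):
                print(f"{name:11} {ip:13} {host:20} -> {decide(rules, ip, host)}")
```

With the allow rules first, a localnet client reaches the blocked domain because "allow localnet" matches before the deny rule is ever consulted.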