Boniforti Flavio wrote:
Missing the ACL defininitions, specifically that for
'localnet'. Maybe you have not set your local network range
properly into it.
Sorry, here the ACLs:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 172.16.16.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl domini_bloccati dstdomain "/etc/squid3/domini_bloccati.acl"
My network is 172.16.16.0/24...
In that case the config you posted is all correct. You have a global
allow for localnet before domini_bloccati is ever tested so it can't
even be a bad domain entry in there.
It must be something else doing the denial.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
