g f wrote:
Hello all,

I am running squid2.5STABLE14 on RHEL4. I am close to rolling out squid3 on debian but unfortunately I still need to support the above RHEL build. Red Hat doesn't seem to have a 2.6 rpm for RHEL4 so I cannot go to 2.6. All is working fine but I need to implement url blocking. I followed docs and numerous posts to attempt to implement url blocking but squid just seems to ignore these acls. Here is a snippet of my config:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 10.150.15.0/24
http_access allow our_networks
With this, you allow all traffic (that hasn't already been denied) from 10.150.15.0/24. For clients in this IP range, no more access rules will be checked. Have a look at the FAQ (http://wiki.squid-cache.org/SquidFaq/SquidAcl) for more.
acl our_servers src 10.150.7.0/24
http_access allow our_servers
acl msn url_regex toyota
http_access deny msn
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all

Now I also tried the following:

acl msn dstdomain .toyota.com
http_access deny msn
acl msn_file url_regex "/etc/squid/blocker.txt"
http_access deny msn_file

I started squid using debug /usr/sbin/squid -NCd10 and get no errors. It seems to just ignore these acls. Any ideas?

Thanks in advance.
Graham
Chris
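
The first-match behaviour described in the reply, as an added example that is not part of the original thread: a small Python model of how http_access lines are evaluated, run over the ACLs from the posted config. The client address, the test URL and the REORDERED rule list are assumptions constructed for illustration.

```python
import ipaddress
import re

# ACL definitions copied from the posted config (only the ones that matter here).
ACLS = {
    "all": ("src", "0.0.0.0/0"),
    "our_networks": ("src", "10.150.15.0/24"),
    "our_servers": ("src", "10.150.7.0/24"),
    "msn": ("url_regex", "toyota"),
}

# http_access lines in the order they were posted: (action, [acl names]).
POSTED = [
    ("allow", ["our_networks"]),
    ("allow", ["our_servers"]),
    ("deny", ["msn"]),
    ("deny", ["all"]),
]

# Assumption for illustration: the same rules with the deny placed before the allows.
REORDERED = [POSTED[2], POSTED[0], POSTED[1], POSTED[3]]


def acl_matches(name, client_ip, url):
    """Evaluate one ACL name (optionally negated with '!') against a request."""
    negate = name.startswith("!")
    kind, value = ACLS[name.lstrip("!")]
    if kind == "src":
        hit = ipaddress.ip_address(client_ip) in ipaddress.ip_network(value)
    elif kind == "url_regex":
        hit = re.search(value, url) is not None
    else:
        raise ValueError(f"unsupported ACL type: {kind}")
    return hit != negate


def http_access(rules, client_ip, url):
    """Return (action, rule_index) of the first line whose ACLs all match."""
    for index, (action, names) in enumerate(rules):
        if all(acl_matches(n, client_ip, url) for n in names):
            return action, index  # first match wins; later lines are never checked
    # No line matched: the opposite of the last line's action applies.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


if __name__ == "__main__":
    request = ("10.150.15.20", "http://www.toyota.com/")  # constructed sample
    print("posted order:", http_access(POSTED, *request))
    print("reordered:   ", http_access(REORDERED, *request))
```
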