ok thank you Amos. I think that I figured it out. at the beginning I had this one : 168 acl MyNet src x.x.x.x/y.y.y.y 173 acl BadClients srcdomain none 257 http_access deny BadClients 259 http_access allow MyNet 260 http_access deny all 284 deny_info ERR_CUSTOM_ACCESS_DENIED BadClients Now I changed the MyNet ACL to : 168 acl BadClients srcdomain none 170 acl MyNet srcdomain .mydomain.xyz 259 http_access deny BadClients 261 http_access allow MyNet 262 http_access deny all 284 deny_info ERR_CUSTOM_ACCESS_DENIED BadClients and it seems to work fine. regards, Jan ________________________________________ From: Amos Jeffries [squid3@xxxxxxxxxxxxx] Sent: Thursday, January 21, 2010 1:08 AM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: srcdomain none On Wed, 20 Jan 2010 14:25:43 +0100, "Zeller, Jan" <jan.zeller@xxxxxxxxxxx> wrote: > Dear Squid-list, > > i am a bit confused about : > http://www.squid-cache.org/Versions/v3/3.0/cfgman/acl.html > > acl aclname srcdomain .foo.com ... # reverse lookup, from client IP > The name "none" is used if the reverse lookup fails. > > > What I want to achieve is to deny access to clients which have no DNS > entry. > My ACL actually looks like this : > > acl BadClients srcdomain none > deny_info ERR_CUSTOM_ACCESS_DENIED BadClients > http_access deny BadClients > > But it doesn't work properly. The message which is defined in > ERR_CUSTOM_ACCESS_DENIED appears but once the refresh button (or CTRL-R) in > the browser (IE & Firefox) is pressed access is granted. > What am I doing wrong here ? / Set debug_options 28,3 and find out. Amos
