Andres Salazar wrote:
Hello Amos,
# /usr/local/sbin/squid -v
Squid Cache: Version 2.7.STABLE6
I am including the ACLs and the HTTP_ACCESS:
acl msn_mime req_mime_type -i ^application/x-msn-messenger$
acl msn_gw url_regex -i gateway.dll
acl flash_mime rep_mime_type ^application/x-shockwave-flash$
acl flash_mime_allowurl dstdomain .flashstudio.com .flashtutorials.com 89.15.79.50
acl allowedurls dstdomain "/etc/squid/url.txt"
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localnet src x.x.x.x.x.
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 7777
acl SSL_ports port 7777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all msn_mime
http_access deny all msn_gw
"all" has no meaning at the beginning of a set of combined rules.
It might have meaning at the finishing end of the line, but not in this
case either.
http_reply_access deny flash_mime !flash_mime_allowurl
http_access allow localnet allowedurls
http_access allow localnet SSL_ports
There you go. Unlimited access to all SSL ports for localnet.
That line appears to be doing nothing but opening the HTTPS requests to
the not-allowed domains.
Allowed domains (both HTTP and HTTPS) are already allowed by "allow
localnet allowedurls"
http_access deny all
The url.txt I am sending through email.
That file had a problem too, it's a wonder it worked at all. Comment
likewise in reply to that email.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE8 or 3.0.STABLE24
Current Beta Squid 3.1.0.16
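
The effect of "http_access allow localnet SSL_ports" described in the reply above, as an added example that is not part of the original email: a small Python model of Squid's first-match http_access evaluation over the posted rules. The ".example.org" entry standing in for url.txt, the request hosts, and the helper names are assumptions; the manager and msn rules are left out.

```python
# ALLOWED stands in for /etc/squid/url.txt, whose contents are not in the thread.
# All domains and requests below are constructed sample values.
ALLOWED = (".example.org",)

def dstdomain(host, patterns):
    # A leading dot matches the domain itself and any subdomain.
    return any(host == p.lstrip(".") or (p.startswith(".") and host.endswith(p))
               for p in patterns)

ACLS = {
    "all":         lambda r: True,
    "localnet":    lambda r: r["from_localnet"],
    "CONNECT":     lambda r: r["method"] == "CONNECT",
    "SSL_ports":   lambda r: r["port"] in (443, 7777),
    "Safe_ports":  lambda r: r["port"] in (80, 443, 7777),
    "allowedurls": lambda r: dstdomain(r["host"], ALLOWED),
}

# The http_access lines from the posted config, in the posted order.
POSTED = [
    ("deny",  ["!Safe_ports"]),
    ("deny",  ["CONNECT", "!SSL_ports"]),
    ("allow", ["localnet", "allowedurls"]),
    ("allow", ["localnet", "SSL_ports"]),
    ("deny",  ["all"]),
]
# The same list without the line the reply flags.
TIGHTENED = [rule for rule in POSTED if rule[1] != ["localnet", "SSL_ports"]]

def matches(acl, req):
    negate = acl.startswith("!")
    return ACLS[acl.lstrip("!")](req) != negate

def http_access(rules, req):
    # ACLs on one line are ANDed; the first line that matches decides.
    for action, acls in rules:
        if all(matches(a, req) for a in acls):
            return action
    return "deny"  # not reached here: both lists end in "deny all"

def req(method, host, port, from_localnet=True):
    return {"method": method, "host": host, "port": port,
            "from_localnet": from_localnet}

if __name__ == "__main__":
    for r in (req("CONNECT", "other.example.net", 443),
              req("GET", "other.example.net", 80),
              req("CONNECT", "www.example.org", 443)):
        print(r["method"], r["host"], r["port"],
              http_access(POSTED, r), http_access(TIGHTENED, r))
```

The first sample request, a CONNECT to a host outside the allowed list on port 443, is allowed by the posted rules and denied once the "allow localnet SSL_ports" line is removed.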