Dear All, I been using using for quite some time and itsa excellent stable product by the way I do have some diffculty I want to allow only specific sites to specific machines let me explain i have 3 machines with ip of 172.16.2.22, 172.16.2.23, 172.16.2.24 these three machine have to be able to have acceo only a few sites like www.yahoo.com, www.google.com and www.cnn.com and probably a couple will be added latter so i did add a acl like below acl sunray_allowed src 172.16.2.22 172.16.2.23 172.16.2.24 acl good_sites url_regex "/etc/squid/allowed-sites.squid" http_access allow sunray_allowed good_sites here is my allowed-sites.squid file .yahoo.com .google.com .cnn.com now when i go to www.google.com it works fine but when i go to yahoo or cnn the page is not displayed properly the squid access.log says ----------------------------------------- 287745303.890 0 172.16.2.23 TCP_DENIED/403 1311 GET http://i.cdn.turner.com/cnn/.element/js/3.0/s_code.js - NONE/- text/html 1287745303.903 0 172.16.2.23 TCP_DENIED/403 1309 GET http://content.dl-rms.com/rms/mother/5721/nodetag.js - NONE/- text/html 1287745303.911 0 172.16.2.23 TCP_DENIED/403 1333 GET http://i.cdn.turner.com/cnn/.element/js/3.0/hpsectiontracking.js - NONE/- text/html 1287745303.916 0 172.16.2.23 TCP_DENIED/403 1285 GET http://i.cdn.turner.com/cnn/images/1.gif - NONE/- text/html 1287745303.917 0 172.16.2.23 TCP_DENIED/403 1275 GET http://js.revsci.net/gateway/gw.js? - NONE/- text/html 1287745303.917 997 172.16.2.23 TCP_MISS/000 0 GET http://www.cnn.com/ght= - DIRECT/157.166.224.26 - 1287745304.086 724 172.16.2.23 TCP_MISS/302 730 GET http://www.cnn.com/.element/img/3.0/1px.gif - DIRECT/157.166.226.25 text/html 1287745304.999 913 172.16.2.23 TCP_REFRESH_HIT/304 426 GET http://edition.cnn.com/.element/img/3.0/1px.gif - DIRECT/157.166.224.45 image/gif 1287745305.346 327 172.16.2.23 TCP_REFRESH_MISS/302 727 GET http://www.cnn.com/tools/search/cnncom.xml - DIRECT/157.166.226.25 text/html ------------------------ other sites are denied as normal which is perfect. i also tried usin dstdomain in place of url_regex but the same problem I would really apprecite if someone could help me regards simon -- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
