Search squid archive

allowed sites acl gives problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear All,

I been using using for quite some time and itsa excellent stable product

by the way I do have some diffculty

I want to allow only specific sites to specific machines

let me explain

i have 3 machines with ip of

172.16.2.22, 172.16.2.23, 172.16.2.24

these three machine have to be able to have acceo only a few sites

like www.yahoo.com, www.google.com and www.cnn.com and probably a couple
will be added latter

so i did add a acl like below

acl sunray_allowed src 172.16.2.22 172.16.2.23 172.16.2.24
acl good_sites url_regex "/etc/squid/allowed-sites.squid"
http_access allow sunray_allowed good_sites

here is my allowed-sites.squid file

.yahoo.com
.google.com
.cnn.com

now when i go to www.google.com it works fine

but when i go to yahoo or cnn the page is not displayed properly

the squid access.log says
-----------------------------------------
287745303.890      0 172.16.2.23 TCP_DENIED/403 1311 GET
http://i.cdn.turner.com/cnn/.element/js/3.0/s_code.js - NONE/- text/html
1287745303.903      0 172.16.2.23 TCP_DENIED/403 1309 GET
http://content.dl-rms.com/rms/mother/5721/nodetag.js - NONE/- text/html
1287745303.911      0 172.16.2.23 TCP_DENIED/403 1333 GET
http://i.cdn.turner.com/cnn/.element/js/3.0/hpsectiontracking.js - NONE/-
text/html
1287745303.916      0 172.16.2.23 TCP_DENIED/403 1285 GET
http://i.cdn.turner.com/cnn/images/1.gif - NONE/- text/html
1287745303.917      0 172.16.2.23 TCP_DENIED/403 1275 GET
http://js.revsci.net/gateway/gw.js? - NONE/- text/html
1287745303.917    997 172.16.2.23 TCP_MISS/000 0 GET
http://www.cnn.com/ght= - DIRECT/157.166.224.26 -
1287745304.086    724 172.16.2.23 TCP_MISS/302 730 GET
http://www.cnn.com/.element/img/3.0/1px.gif - DIRECT/157.166.226.25
text/html
1287745304.999    913 172.16.2.23 TCP_REFRESH_HIT/304 426 GET
http://edition.cnn.com/.element/img/3.0/1px.gif - DIRECT/157.166.224.45
image/gif
1287745305.346    327 172.16.2.23 TCP_REFRESH_MISS/302 727 GET
http://www.cnn.com/tools/search/cnncom.xml - DIRECT/157.166.226.25
text/html
------------------------
other sites are denied as normal which is perfect.

i also tried usin dstdomain in place of url_regex but the same problem

I would really apprecite if someone could help me


regards


simon

-- 
Network ADMIN
-------------
KUWAIT MUNICIPALITY:


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux