One more information: I enabled debugging and got the following information:
2010/10/27 11:22:36| The request CONNECT www.facebook.com:443 is ALLOWED,
because it matched 'MyNetworkMR_Clt'
But why it matches 'MyNetworkMR_Clt' and not rule 'blocked_urls'?
Am 26.10.2010 14:12, schrieb Marc Muehlfeld:
Hello,
I have blocked some URLs through an url_regex acl, which works, if the URL
contains any protocol execept https.
The "blocked_urls.lst" file contains lines like:
([^\/]\.facebook\.com\/|[^\/]\.facebook\.com$|^.*://facebook\.com)+
I've tested the regex using an online regex tester: "http://www.facebook.com"
and "https://www.facebook.com" both match. But the https address can be
reached, so I think, there must be a problem in my configuration (see below).
I use 2.6.STABLE21 on CentOS 5.
Regards,
Marc
# Define networks "all" and "localhost"
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
# Default ports we allow
acl Safe_ports port 21
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 8080
# Deny requests to unknown ports
http_access deny !Safe_ports
# Only allow cachemgr access from localhost
acl manager proto cache_object
http_access allow manager localhost
http_access deny manager
# Deny CONNECT to other than SSL ports
acl SSL_ports port 443
acl SSL_ports port 8443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
# Block access from all IPs to URLs out of this file
acl blocked_urls url_regex "/etc/squid/blocked_urls.lst"
deny_info ERR_BLOCKED_PRIVATE blocked_urls
http_access deny all blocked_urls
# Allow access from all of our subnets
acl MyNetworkMR_Srv src 192.168.29.0/24
acl MyNetworkMR_Clt src 10.1.0.0/21
http_access allow MyNetworkMR_Srv
http_access allow MyNetworkMR_Clt
# Allow access from localhost
http_access allow localhost
# Finally deny all other access to this proxy
http_access deny all
--
Marc Muehlfeld (IT-Leiter)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de