On Wed, 30 Nov 2011 17:07:54 -0600, Paul Crown wrote:
Greetings,
I feel I am missing something simple. I have installed squid3 on
Ubuntu. I added
acl allow_domains dstdomain "/etc/squid3/always_direct.acl"
always_direct allow allow_domains
acl denied_domains dstdomain "/etc/squid3/denied_domains.acl"
http_access deny denied_domains
and populated both files accordingly, and restarted squid3.
Now from a terminal, curl good-url and it works. curl bad-url and it
gives me the blocked message.
Try it in firefox, and good-url and bad-url both work fine. Neither
is
blocked.
What did I forget?
Thanks.
Paul
What you are missing is two details:
Firstly, http_access and always_direct are completely unrelated
controls.
- http_access determins whether Squid is allowed to service the
request.
- always_direct determines whether Squid MUST (versus MAY) service the
request using DNS lookups and going directly to the public origin
server(s).
Also, you are missing minor details about the URL being tested. ie
- whether the browse is automatically adding "www." in front of the
domain, or not
- whether curl is setting the HTTP/1.1 Host: header correctly, or not
- whether the browse and terminal tools were run on the same machine,
or not
- whether you have any other access controls affecting the requests (ie
a browser type ACL allowing Mozilla/* agents through before these
controls)
Amos
