can you share a list of built-in ACL? On Mon, Oct 1, 2012 at 9:57 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 2/10/2012 5:11 p.m., 叶雨飞 wrote: >> >> Hi, it looks like squid 3.2 have built ACLs ,I'm getting these warnings: >> >> 2012/10/01 21:11:01| WARNING: (B) '127.0.0.1' is a subnetwork of (A) >> '127.0.0.1' >> 2012/10/01 21:11:01| WARNING: because of this '127.0.0.1' is ignored >> to keep splay tree searching predictable >> 2012/10/01 21:11:01| WARNING: You should probably remove '127.0.0.1' >> from the ACL named 'localhost' >> 2012/10/01 21:11:01| WARNING: (B) '127.0.0.1' is a subnetwork of (A) >> '127.0.0.1' >> 2012/10/01 21:11:01| WARNING: because of this '127.0.0.1' is ignored >> to keep splay tree searching predictable >> 2012/10/01 21:11:01| WARNING: You should probably remove '127.0.0.1' >> from the ACL named 'localhost' >> 2012/10/01 21:11:01| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) >> '127.0.0.0/8' >> 2012/10/01 21:11:01| WARNING: because of this '127.0.0.0/8' is ignored >> to keep splay tree searching predictable >> 2012/10/01 21:11:01| WARNING: You should probably remove '127.0.0.0/8' >> from the ACL named 'to_localhost' >> 2012/10/01 21:11:01| WARNING: (B) '0.0.0.0' is a subnetwork of (A) >> '0.0.0.0' >> 2012/10/01 21:11:01| WARNING: because of this '0.0.0.0' is ignored to >> keep splay tree searching predictable >> 2012/10/01 21:11:01| WARNING: You should probably remove '0.0.0.0' >> from the ACL named 'to_localhost' >> 2012/10/01 21:11:01| WARNING: (B) '0.0.0.0' is a subnetwork of (A) >> '0.0.0.0' >> 2012/10/01 21:11:01| WARNING: because of this '0.0.0.0' is ignored to >> keep splay tree searching predictable >> 2012/10/01 21:11:01| WARNING: You should probably remove '0.0.0.0' >> from the ACL named 'to_localhost' >> >> >> relevant configs are >> >> acl localhost src 127.0.0.1/32 >> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 >> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network >> acl localnet src 192.168.0.0/16 >> acl to_localnet dst 10.0.0.0/8 >> acl to_localnet dst 172.16.0.0/12 >> acl to_localnet dst 192.168.0.0/16 >> >> http_access allow manager localhost >> http_access deny manager >> >> acl internal-url urlpath_regex ^/squid-internal-.* >> http_access allow localnet to_localhost internal-url >> http_access deny to_localhost >> http_access deny to_localnet >> >> >> is this expected? > > > Yes. Please follow the instructions Squid wrote in the WARNING message(s). > > Squid-3.2 contains a lot of these upgrade assistance warnings. Please run > "squid -k parse" to verify the rest of your configuration file as well. > > Amos
