On 03/20/2013 12:12 PM, Delton wrote:
>>>>> http_access allow localhost manager
>>>>> http_access deny manager
>>>>> http_access deny !Safe_ports
>>>>> http_access deny CONNECT !SSL_ports
>>>>> http_access deny block

>> OK, the above makes sense.

>>>>> http_access deny all

>> Now you are denying access to all requests that did not match the
>> earlier http_access rules. Thus, only the above rules matter and you are
>> only allowing access to localhost cache manager. Do you really want to
>> block all non-manager traffic going through Squid?
>>
>> And the following rules have no effect since "all" in "deny all" above
>> always matches:

> This is a little confusing to me. I just added the lines:
>
> acl block url_regex .facebook.com
> http_access deny block
>
> The rest are default settings.

The default settings (i.e., squid.conf.default) allow localnet and
localhost requests _before_ denying all others. You added a facebook
deny rule (which is fine), but AFAICT, you also moved the allow rules
after "deny all", where they do not work. The order of http_access rules
is important because the first matching rule wins.

Default settings deny access to virtually all non-local requests. Your
settings deny access to virtually all requests. You need to adjust them to
match your needs.

This is not related to your error-on-F5 problem, but it needs to be
fixed if you want Squid to proxy something.


Hope this clarifies,

Alex.
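
The first-match behaviour described in the message above, as an added example that is not part of the original thread and is not Squid code: a small Python model that evaluates the quoted http_access rules with the allow rules placed after and then before "deny all". The request fields, the 192.168. localnet range and the sample requests are assumptions constructed for the illustration.

```python
import re

# Simplified ACL predicates (assumption: a request is a dict with src, method,
# port, url and manager fields; real Squid ACL types are richer than this).
ACLS = {
    "all":        lambda r: True,
    "localhost":  lambda r: r["src"] == "127.0.0.1",
    "localnet":   lambda r: r["src"].startswith("192.168."),  # assumed range
    "manager":    lambda r: r["manager"],
    "Safe_ports": lambda r: r["port"] in (80, 443),
    "SSL_ports":  lambda r: r["port"] == 443,
    "CONNECT":    lambda r: r["method"] == "CONNECT",
    "block":      lambda r: re.search(r".facebook.com", r["url"]) is not None,
}

def http_access(rules, request):
    """Return (action, rule) for the first rule whose ACLs all match."""
    for rule in rules:
        action, *names = rule.split()[1:]
        # A "!name" entry matches when the named ACL does not.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, rule
    return None, None  # not reached here: both lists contain "deny all"

COMMON = [
    "http_access allow localhost manager",
    "http_access deny manager",
    "http_access deny !Safe_ports",
    "http_access deny CONNECT !SSL_ports",
    "http_access deny block",
]
ALLOWS = ["http_access allow localnet", "http_access allow localhost"]
DENY_ALL = ["http_access deny all"]

AS_POSTED = COMMON + DENY_ALL + ALLOWS  # allow rules after "deny all"
REORDERED = COMMON + ALLOWS + DENY_ALL  # allow rules before "deny all"

def req(src, url, port=80, method="GET", manager=False):
    """Build a constructed sample request."""
    return {"src": src, "url": url, "port": port, "method": method,
            "manager": manager}

if __name__ == "__main__":
    for r in (req("192.168.1.20", "http://example.org/"),
              req("192.168.1.20", "http://www.facebook.com/"),
              req("203.0.113.9", "http://example.org/")):
        print(r["src"], r["url"],
              http_access(AS_POSTED, r)[0], http_access(REORDERED, r)[0])
```

In the AS_POSTED order the two allow rules are never the first match for any request, so only localhost cache manager requests get through.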