On 10/12/2015 11:02 p.m., Massimo.Sala wrote: > 2015/12/10 10:33:49| ERROR: '.addons.mozilla.org' is a subdomain of > 'addons.mozilla.org' > > > I thought > addons.mozilla.org blocks only these hostname ACLs do not block anything. Access Controls do. This value tells Squid that addons.mozilla.org is an exact-match. Any sub-domain is to be a non-match. > > .addons.mozilla.org blocks all the sub-domains, like > www.addons.mozilla.org etc.addons.mozilla.org This one tells Squid that "addons.mozilla.org" and *all* sub-domains are to match true. > > Which are the parsing rules of squid 3.4 ? Each entry in the dstdomain ACL must be a unique and distinct match. The two ranges of possible domain names above overlap. Squid uses splay trees internally. So when there are two overlapping entries, which one will be found and tested against will change randomly based on how other things affect the splay. Which will cause random rejections for the *.addons.mozilla.org sub-domains. Thus having both is a problem. Which way around you place them in the list of ACL values determins whether Squid can drop one (and just warn) or not (the error). Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users