On 15/07/2016 5:19 p.m., Filip Maroul wrote: > Hello, > I am running squid3 in version 3.4 on Debian 8 x64. I am using block list > for some domain's it works but if I try to put failure url it not work. Please explain "it not work". > Here is my conf file: > ----------------------------------------------------------------------------------- > http_port 3128 > > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 43200 > Problem #1: your custom refresh_pattern is never used. ** Order is important. ** You should add custom refresh_pattern lines to the top of the list. Squid stops processing refresh_pattern lines when it finds a match for the current transactions URL. The "." pattern is listed last in the defaults because it matches *everything* that reaches it. > #acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network > acl dmz_net src 172.100.200.0/27 # RFC 1918 possible internal network > #acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network > #acl localnet src fc00::/7 # RFC 4193 local private network range > #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) > machines > > acl SSL_ports port 443 # https > > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > > acl CONNECT method CONNECT > acl Social_block dstdom_regex .app.facebook.com .facebook.com Problem #2: using regex to match a dstdomain value. I guess you are using this either out of a misplaced enthusiasm or beliefe in regex. Or to avoid the warning Squid displays about ".app.facebook.com" when the two are combined. Squdi is warning about .app.facebook.com being redundant. Any URL matching .app.facebook.com is by definition also matched by .facebook.com. To avoid some very real matching problems you should not list it. You should use: acl Social_block dstdomain .facebook.com .fbcdn.net Note that "facebook.com" and subdomains are not commonly used by Facebook. Their actual data objects domain is *.fbcdn.net > acl Bulvar dstdom_regex .super.cz > acl Bulvat dstdomain .super.cz > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access deny Social_block > http_access deny Bulvar > http_access allow localhost manager > http_access deny manager > http_access allow dmz_net > http_access allow localhost > http_access deny all > > #Disk cache directory > cache_dir ufs /var/spool/squid3 1024 16 256 > > #Max memory cache usage > cache_mem 1024 MB > > deny_info http://www.seznam.cz Bulvar This redirects when the Bulvar ACL matches. That is all. Only the *.super.cz domains listed in Bulvar will be redirected. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
