Search squid archive

Re: server_name_regex acl doesnt work anymore

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I've sorted it, I had to put quotes around my file path to the URL whitelist

On Thu, 12 Jan 2023, 15:22 robert k Wild, <robertkwild@xxxxxxxxx> wrote:
hi all,

i have no idea why but my acl for url whitelist doesnt work anymore

this is the output of my parse 

/usr/local/squid/sbin/squid -k parse
2023/01/12 15:10:56| Startup: Initializing Authentication Schemes ...
2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'basic'
2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'digest'
2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'negotiate'
2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'ntlm'
2023/01/12 15:10:56| Startup: Initialized Authentication.
2023/01/12 15:10:56| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)
2023/01/12 15:10:56| Processing: acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
2023/01/12 15:10:56| Processing: acl localnet src 10.0.0.0/8            # RFC 1918 local private network (LAN)
2023/01/12 15:10:56| Processing: acl localnet src 100.64.0.0/10         # RFC 6598 shared address space (CGN)
2023/01/12 15:10:56| Processing: acl localnet src 169.254.0.0/16        # RFC 3927 link-local (directly plugged) machines
2023/01/12 15:10:56| Processing: acl localnet src 172.16.0.0/12         # RFC 1918 local private network (LAN)
2023/01/12 15:10:56| Processing: acl localnet src 192.168.0.0/16                # RFC 1918 local private network (LAN)
2023/01/12 15:10:56| Processing: acl localnet src fc00::/7              # RFC 4193 local private network range
2023/01/12 15:10:56| Processing: acl localnet src fe80::/10             # RFC 4291 link-local (directly plugged) machines
2023/01/12 15:10:56| Processing: acl SSL_ports port 443
2023/01/12 15:10:56| Processing: acl Safe_ports port 80         # http
2023/01/12 15:10:56| Processing: acl Safe_ports port 21         # ftp
2023/01/12 15:10:56| Processing: acl Safe_ports port 443                # https
2023/01/12 15:10:56| Processing: acl Safe_ports port 70         # gopher
2023/01/12 15:10:56| Processing: acl Safe_ports port 210                # wais
2023/01/12 15:10:56| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2023/01/12 15:10:56| Processing: acl Safe_ports port 280                # http-mgmt
2023/01/12 15:10:56| Processing: acl Safe_ports port 488                # gss-http
2023/01/12 15:10:56| Processing: acl Safe_ports port 591                # filemaker
2023/01/12 15:10:56| Processing: acl Safe_ports port 777                # multiling http
2023/01/12 15:10:56| Processing: acl CONNECT method CONNECT
2023/01/12 15:10:56| Processing: http_access allow localhost manager
2023/01/12 15:10:56| Processing: http_access deny manager
2023/01/12 15:10:56| Processing: include /usr/local/squid/etc/squidrules.conf
2023/01/12 15:10:56| Processing Configuration File: /usr/local/squid/etc/squidrules.conf (depth 1)
2023/01/12 15:10:56| Processing: acl DiscoverSNIHost at_step SslBump1
2023/01/12 15:10:56| Processing: acl NoSSLIntercept ssl::server_name_regex /usr/local/squid/etc/pubkey.txt
2023/01/12 15:10:56| Processing: ssl_bump peek DiscoverSNIHost
2023/01/12 15:10:56| Processing: ssl_bump splice NoSSLIntercept
2023/01/12 15:10:56| Processing: ssl_bump bump all
2023/01/12 15:10:56| Processing: http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
2023/01/12 15:10:56| Processing: sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB
2023/01/12 15:10:56| Processing: acl upmime req_mime_type /usr/local/squid/etc/mimedeny.txt
2023/01/12 15:10:56| Processing: acl url_links url_regex /usr/local/squid/etc/linksurl.txt
2023/01/12 15:10:56| Processing: acl special_url url_regex /usr/local/squid/etc/urlspecial.txt
2023/01/12 15:10:56| Processing: acl downmime rep_mime_type /usr/local/squid/etc/mimedeny.txt
2023/01/12 15:10:56| Processing: http_reply_access allow special_url
2023/01/12 15:10:56| Processing: http_reply_access deny downmime
2023/01/12 15:10:56| Processing: acl whitelist ssl::server_name_regex /usr/local/squid/etc/urlwhite.txt
2023/01/12 15:10:56| Processing: acl activation port 80 443
2023/01/12 15:10:56| Processing: http_access allow activation whitelist
2023/01/12 15:10:56| Processing: http_access deny all
2023/01/12 15:10:56| Processing: http_access allow localnet
2023/01/12 15:10:56| Processing: http_access allow localhost
2023/01/12 15:10:56| Processing: http_access deny all
2023/01/12 15:10:56| Processing: coredump_dir /usr/local/squid/var/cache/squid
2023/01/12 15:10:56| Processing: refresh_pattern ^ftp:          1440    20%     10080
2023/01/12 15:10:56| Processing: refresh_pattern ^gopher:       1440    0%      1440
2023/01/12 15:10:56| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
2023/01/12 15:10:56| Processing: refresh_pattern .              0       20%     4320
2023/01/12 15:10:56| Processing: icap_enable on
2023/01/12 15:10:56| Processing: adaptation_uses_indirect_client on
2023/01/12 15:10:56| Processing: icap_send_client_ip on
2023/01/12 15:10:56| Processing: icap_send_client_username on
2023/01/12 15:10:56| Processing: icap_client_username_header X-Authenticated-User
2023/01/12 15:10:56| Processing: icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
2023/01/12 15:10:56| Processing: adaptation_access service_req allow all
2023/01/12 15:10:56| Processing: icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
2023/01/12 15:10:56| Processing: adaptation_access service_resp allow all
2023/01/12 15:10:56| Initializing https:// proxy context
2023/01/12 15:10:56| Initializing http_port [::]:3128 TLS contexts
2023/01/12 15:10:56| Using certificate in /usr/local/squid/etc/ssl_cert/myCA.pem
2023/01/12 15:10:56| Using certificate chain in /usr/local/squid/etc/ssl_cert/myCA.pem
2023/01/12 15:10:56| Adding issuer CA: /C=XX/L=Default City/O=Default Company Ltd
2023/01/12 15:10:56| Using key in /usr/local/squid/etc/ssl_cert/myCA.pem

acl whitelist ssl::server_name_regex /usr/local/squid/etc/urlwhite.txt

and in the url whitelist file is adobe.com

(^|\.)adobe.com$

but when i try to access on my browser "adobe.com" i get the proxy access denied page

can anyone shed some light as im struggling to sort this out

thanks,
rob

--
Regards,

Robert K Wild.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux