On 13.11.24 13:00, Piana, Josh wrote:
> Is this because I'm defining the localnet and then the response rule just
> allows all traffic from this network?
> My intention was to specify the localnet, then allow traffic from that
> network as it filters through all the other ACL's. So should I remove the
> rule entirely or change the order?

you did not allow "from that network", you have allowed traffic "to that
network" because localnet is defined as "dst "
- this may cause confusion, I recommend changing this acl to "to_localnet"
I believe your problem is:
http_access allow !bad_exception_urls
- here you allowed access to anywhere except the URLS in
/etc/squid/bad_exception_urls, so further http_access rules will get
evaluated only if someone tried to access URLs in that file.
I guess you want to deny access to them thus use instead:
acl bad_exception_urls url_regex -i "/etc/squid/bad_exception_urls"
http_access deny bad_exception_urls
also note that url_regex rules may be very CPU intensive, you should avoid
them
-----Original Message-----
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries
Sent: Tuesday, November 12, 2024 11:44 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Access Log Question
12/Nov/2024:09:51:37 -0500.396 10.46.49.135 TCP_TUNNEL/200 23735 CONNECT
http://www.safgard.com:443/ - \ HIER_DIRECT/206.188.0.52 - -/-
acl localnet dst 10.0.0.0/8
...
http_access allow localnet
.. never gets here.
http_access deny !kerb-auth
http_access allow kerb-auth
http_access deny all
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody
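
Added example (not part of the original thread, and not Squid code): a small model of the first-match evaluation of http_access lines discussed in the reply above, run against the rules as posted and as suggested. The rule order, the BAD_PATTERNS contents and the request dictionary are assumptions constructed from the lines quoted in the thread, and the kerb-auth check is simplified to a boolean.

```python
import ipaddress
import re

# Constructed request modelled on the access.log line quoted in the thread.
REQUEST = {"dst_ip": "206.188.0.52", "url": "www.safgard.com:443", "authenticated": False}
# Constructed stand-in for the contents of /etc/squid/bad_exception_urls.
BAD_PATTERNS = [r"blocked\.example"]

ACLS = {
    # "dst" compares the destination server address, not the client address.
    "localnet": lambda r: ipaddress.ip_address(r["dst_ip"]) in ipaddress.ip_network("10.0.0.0/8"),
    # url_regex -i: case-insensitive search of each pattern against the URL.
    "bad_exception_urls": lambda r: any(re.search(p, r["url"], re.I) for p in BAD_PATTERNS),
    # Simplification: real Squid would send an authentication challenge here.
    "kerb-auth": lambda r: r["authenticated"],
    "all": lambda r: True,
}

def evaluate(rules, request):
    """Return (action, rule) for the first http_access line whose ACLs all match."""
    for line in rules:
        _, action, *names = line.split()
        # A "!name" entry matches when the named ACL does not.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, line
    return "deny", None  # assumption: every rule list here ends with "deny all"

AS_POSTED = [
    "http_access allow !bad_exception_urls",
    "http_access allow localnet",
    "http_access deny !kerb-auth",
    "http_access allow kerb-auth",
    "http_access deny all",
]
# The change suggested in the reply: deny the listed URLs instead.
AS_SUGGESTED = ["http_access deny bad_exception_urls"] + AS_POSTED[1:]

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("as suggested", AS_SUGGESTED)):
        print(label, "->", evaluate(rules, REQUEST))
```

With the posted rules the unauthenticated request is allowed by the first line and nothing after it is consulted; with the suggested change it falls through to "deny !kerb-auth", while a request to a 10.0.0.0/8 destination is still allowed without authentication by the dst-based localnet rule.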