On 14/11/24 02:39, Matus UHLAR - fantomas wrote:
> On 13.11.24 13:00, Piana, Josh wrote:
>> Is this because I'm defining the localnet and then the response rule
>> just allows all traffic from this network?
>> My intention was to specify the localnet, then allow traffic from that
>> network as it filters through all the other ACLs. So should I remove
>> the rule entirely or change the order?
>
> you did not allow "from that network", you have allowed traffic "to that
> network" because localnet is defined as "dst "
> - this may cause confusion, I recommend changing this acl to "to_localnet"

Ouch. Yes quite right. Thank you Matus.

> I believe your problem is:
> http_access allow !bad_exception_urls
> - here you allowed access to anywhere except the URLs in
> /etc/squid/bad_exception_urls, so further http_access rules will get
> evaluated only if someone tried to access URLs in that file.
> I guess you want to deny access to them thus use instead:
> acl bad_exception_urls url_regex -i "/etc/squid/bad_exception_urls"
> http_access deny bad_exception_urls
> also note that url_regex rules may be very CPU intensive, you should
> avoid them

Cheers
Amos
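
The first-match behaviour described in the quoted reply, as an added example that is not part of the thread or of Squid itself: a small Python model of http_access evaluation comparing the posted rule with the suggested one. Only the bad_exception_urls lines come from the thread; the other ACL names, the regex patterns, the 10.0.0.0/8 range and the sample requests are constructed for illustration.

```python
import ipaddress
import re

# Constructed stand-in for the patterns in /etc/squid/bad_exception_urls.
BAD_PATTERNS = [r"malware\.example", r"/dropper/"]
LOCALNET = ipaddress.ip_network("10.0.0.0/8")  # assumed client range

# ACL name -> predicate over a request dict. Only bad_exception_urls is from
# the thread; blocked_sites and localnet_src are hypothetical.
ACLS = {
    "bad_exception_urls": lambda r: any(re.search(p, r["url"], re.I) for p in BAD_PATTERNS),
    "blocked_sites": lambda r: "social.example" in r["url"],
    "localnet_src": lambda r: ipaddress.ip_address(r["src"]) in LOCALNET,
    "all": lambda r: True,
}

def evaluate(rules, request):
    """Model of http_access: the first rule whose ACLs all match decides."""
    last = None
    for action, names in rules:
        # A leading "!" negates the ACL; every ACL on the line must match.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action
        last = action
    # Nothing matched: Squid applies the opposite of the last rule's action,
    # and denies when there are no rules at all.
    return "allow" if last == "deny" else "deny"

LATER_RULES = [("deny", ["blocked_sites"]), ("allow", ["localnet_src"]), ("deny", ["all"])]
AS_POSTED = [("allow", ["!bad_exception_urls"])] + LATER_RULES
CORRECTED = [("deny", ["bad_exception_urls"])] + LATER_RULES

REQUESTS = [  # constructed sample requests
    {"src": "203.0.113.7", "url": "http://news.example/"},
    {"src": "10.1.2.3", "url": "http://social.example/feed"},
    {"src": "10.1.2.3", "url": "http://malware.example/x"},
    {"src": "10.1.2.3", "url": "http://news.example/"},
]

def compare():
    """Return (as_posted, corrected) verdicts for each sample request."""
    return [(evaluate(AS_POSTED, r), evaluate(CORRECTED, r)) for r in REQUESTS]

if __name__ == "__main__":
    for req, (before, after) in zip(REQUESTS, compare()):
        print(f'{req["src"]:<12} {req["url"]:<28} as_posted={before:<5} corrected={after}')
```

In this model the posted rule allows the off-network client and the blocked site at the first line, and the listed URL is then allowed by the later localnet rule; with the deny form the later rules are reached for every request that is not on the list.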