ACL bug still present in 2.3S2

From: Rod Savard <rodney@dont-contact.us>
Date: Wed, 8 Mar 2000 21:25:43 -0800

I reported an ACL problem that started with 2.3S1 and some have offered a
few suggestions but nothing has worked. The problem still exists with
2.3S2. The problem did NOT exist in versions 2.2S5 and older.

I have the following ACLs defined (among others):

  acl dst_int dst 208.xxx.xxx.xxx/255.255.255.224
  acl ok_always dstdomain "/etc/squid.ok_always"
  acl ok_never dstdomain "/etc/squid.ok_never"
  acl no_web_access src 10.1.1.224/255.255.255.240

  http_access allow dst_int
  http_access allow ok_always
  http_access deny ok_never
  http_access deny no_web_access

The problem is that users in the 10.1.1.224-239 range are denied access even
to destinations that match the "ok_always" ACL. Interestingly the "dst_int"
and "ok_never" ACLs work fine.

I have prepended all domains in the /etc/squid.ok_always file with a dot.
One of the domains listed is ".autodesk.com" however, the user at 10.1.1.224
cannot go to "www.autodesk.com" and gets the error message for the
no_web_access ACL.

Suggestions appreciated!! I have been beating my head with this one for
quite some time.

---
Rod Savard - Delphi Developer
Savard Software - Tri-Cities, Washington, USA
rodney@savard.com - http://www.savard.com
Received on Wed Mar 08 2000 - 22:28:38 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:58 MST