Hi,
Someone replied to you yesterday. Their answer was that you have the
http_access lines in the wrong order. If you read the FAQ at
www.squid-cache.org you'll see that http_access lines are processed as
they are found. Your first line says allow officelan. Naturally, anyone on
that LAN is going to to be permitted regardles of whether they send a real
request or a url mathcing your nimda ones.
You need to reorder the lines:
http_access deny nimda1
http_access deny nimda2
http_access deny nimda3
http_access deny nimda4
http_access allow officelan
Colin
On Wed, 27 Feb 2002 Nithya_Ananth/MAA/IN/Antarix@antarix.net wrote:
> Our Caching server is working fine for the past 15 days. Now we
> found a problem. If anyone from the internal segments generate virus.
> it is directly hitting the cache, eventhough we put the ACL in the
> squid.conf file. Our configuraton is as follows.
> acl nimda1 url_regex root.exe
> acl nimda2 url_regex command.exe
> acl nimda3 url_regex readme.exe
> acl nimda4 url_regex readme.eml
>
> acl all src 0.0.0.0/0.0.0.0
> acl src office! lan 192.168.129.3/255.255.255.255
>
> http_access allow officelan
>
> http_access deny nimda1
> http_access deny nimda2
> http_access deny nimda3
> http_access deny nimda4
>
> http_access deny all
Received on Wed Feb 27 2002 - 15:35:30 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:34 MST