Re: [squid-users] Access control problem

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 21 Aug 2010 21:19:46 +1200

mrmmm wrote:
> I am having difficulty setting up access rules for some reason :/
>
> in squid.config, among other stuff I have:
>
> acl all src 0.0.0.0/0.0.0.0
> acl authorize proxy_auth REQUIRED
> acl denybadsites url_regex -i "/usr/local/etc/squid/lists/badsites"
> acl denyLoadup url_regex -i http://.*loadup.ru

To meet your stated aim below and not catch a multitude of other sites
in the denial, replace this with:
  acl denyLoadup dstdomain .loadup.ru

>
> http_access deny all denyLoadup
> http_access deny all denybadsites
> http_access allow authorize
> http_access deny all
>
> In the badsites file I have:
> somesite.com
> 123.34.56.78
> 234.56.78.90
>

For those types of entry replace "url_regex -i" with dstdomain.

A wildcard prefix (*.example.com) can be one by starting the entry with
a dot (ie .example.com)

>
> However, I am still able to browse to somesite.com and www.somesite.com no
> problem.
> At the same time I am UNABLE to browse to www.loadup.ru and loadup.ru
>
> I have tried different syntax in the file, but with the same result. What is
> the exact syntaxt that needs to be there?

Same syntax as whatever ACL type is testing it. Each line of the file
contains one item to be matched. If any single one from the set matches
the ACL is true.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.6
   Beta testers wanted for 3.2.0.1
Received on Sat Aug 21 2010 - 09:19:57 MDT

This archive was generated by hypermail 2.2.0 : Sat Aug 21 2010 - 12:00:02 MDT