[squid-users] Blocking local sites

From: bolMyn <[email protected]>
Date: Thu, 21 Feb 2002 09:38:52 -0800 (PST)

(If Henrik can answer this, I would greatly appreciate
it).

This is my squid.conf file:

http_port 8080

cache_peer 10.0.0.1 parent 81 0 no-query weight=1
cache_peer 10.0.0.2 parent 81 0 no-query weight=2
cache_peer 10.0.0.3 sibling 8080 3130

peer_connect_timeout 5 seconds

acl all src 0.0.0.0/0.0.0.0
never_direct allow all
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 32 MB
cache_swap_low 90
cache_swap_high 95

maximum_object_size 4096 KB
maximum_object_size_in_memory 16 KB
fqdncache_size 1024

cache_dir ufs /proxy_cache 2000 16 256
cache_access_log /squid/logs/access.log
cache_log /squid/logs/cache.log
cache_store_log none

log_ip_on_direct off

mime_table /squid/etc/mime.conf
pid_filename /proxy_cache/squid.pid
error_directory /squid/etc/custom_errors

debug_options ALL,1
log_fqdn on

ftp_user Squid@mycache.com
ftp_passive off

dns_nameservers 10.0.0.10 10.0.0.11 10.0.0.12
10.0.0.13
redirect_rewrites_host_header off

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
reference_age 4 weeks

connect_timeout 2 minute

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl allowed_hosts src 10.0.0.0-10.10.255.255
10.17.4.0-10.17.31.255

acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl Noporn url_regex -i "/squid/etc/porn.unblock.txt"
acl Porn url_regex -i "/squid/etc/porn.block.txt"
acl Questionable url_regex -i
"/squid/etc/badsite.block.txt"
acl Xdrive url_regex -i "/squid/etc/xdrive.block.txt"
acl Bandwidthhog url_regex -i
"/squid/etc/bandwidthhog.block.txt"
acl MYblock url_regex -i "/squid/etc/my.block.txt"

deny_info ERR_PORN Porn
deny_info ERR_QUESTIONABLE Questionable
deny_info ERR_XDRIVE Xdrive
deny_info ERR_BANDWIDTHHOG Bandwidthhog

http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny manager all
http_access allow localhost manager allowed_hosts

http_access allow Noporn
http_access deny Porn
http_access deny Questionable
http_access deny Xdrive
http_access deny Bandwidthhog
http_access deny MYblock

http_access allow allowed_hosts
http_access deny all

acl local-intranet dstdomain .mydomain.com
acl local-site dst 10.0.0.1-10.17.31.255

always_direct allow local-intranet
always_direct allow local-site
icp_access allow allowed_hosts
icp_access deny all

miss_access allow all

cache_mgr squid@mydomain.com
cache_effective_user squid
cache_effective_group squid

visible_hostname myhost.mydomain.com
pipeline_prefetch on
ie_refresh on
httpd_accel_with_proxy off
httpd_accel_uses_host_header on

Here is the kicker. I can block any site I want if it
is on the internet. However, I cannot do it for site
which
our internal to our network. I disable 'bypass' in a
browser
settings but with no success.

Any ideas as to why that happens?

Thanks.

=====
=======
Bolek,

e-mail: bman@bolek.com

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com
Received on Thu Feb 21 2002 - 10:38:54 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:30 MST