Re: [squid-users] URGENT!! problem due to virus.

From: Colin Campbell <[email protected]>
Date: Thu, 28 Feb 2002 08:35:12 +1000 (EST)

Hi,

Someone replied to you yesterday. Their answer was that you have the
http_access lines in the wrong order. If you read the FAQ at
www.squid-cache.org you'll see that http_access lines are processed as
they are found. Your first line says allow officelan. Naturally, anyone on
that LAN is going to to be permitted regardles of whether they send a real
request or a url mathcing your nimda ones.

You need to reorder the lines:

http_access deny nimda1
http_access deny nimda2
http_access deny nimda3
http_access deny nimda4
http_access allow officelan

Colin

On Wed, 27 Feb 2002 Nithya_Ananth/MAA/IN/Antarix@antarix.net wrote:

> ���� Our Caching server is working fine for the past 15 days. Now we
> found a problem. If anyone�from the internal segments generate virus.
> it is directly hitting the cache, eventhough we put the ACL in the
> squid.conf file. Our configuraton is as follows.

> acl nimda1 url_regex root.exe
> acl nimda2 url_regex command.exe
> acl nimda3 url_regex readme.exe
> acl nimda4 url_regex readme.eml
> �
> acl all src 0.0.0.0/0.0.0.0
> acl src office! lan 192.168.129.3/255.255.255.255
> �
> http_access allow officelan
> �
> http_access deny nimda1
> http_access deny nimda2
> http_access deny nimda3
> http_access deny nimda4
> �
> http_access deny all
Received on Wed Feb 27 2002 - 15:35:30 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:34 MST