Hi,Someone replied to you yesterday. Their answer was that you have thehttp_access lines in the wrong order. If you read the FAQ atwww.squid-cache.org you'll see that http_access lines are processed asthey are found. Your first line says allow officelan. Naturally, anyone onthat LAN is going to to be permitted regardles of whether they send a realrequest or a url mathcing your nimda ones.You need to reorder the lines:http_access deny nimda1http_access deny nimda2http_access deny nimda3http_access deny nimda4http_access allow officelanColinOn Wed, 27 Feb 2002 Nithya_Ananth/MAA/IN/[email protected] wrote:> Our Caching server is working fine for the past 15 days. Now we> found a problem. If anyone from the internal segments generate virus.> it is directly hitting the cache, eventhough we put the ACL in the> squid.conf file. Our configuraton is as follows.> acl nimda1 url_regex root.exe> acl nimda2 url_regex command.exe> acl nimda3 url_regex readme.exe> acl nimda4 url_regex readme.eml> > acl all src 0.0.0.0/0.0.0.0> acl src office! lan 192.168.129.3/255.255.255.255> > http_access allow officelan> > http_access deny nimda1> http_access deny nimda2> http_access deny nimda3> http_access deny nimda4> > http_access deny all
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:34 MST