[squid-users] because it matched "all"

From: san <[email protected]>
Date: Tue, 14 Oct 2003 16:24:31 +0530

Dear mates

I configured squid as proxy server in redhat linux 9 and from client pc's
they are able to browse smoothly without any restrictions,thanks to the
effort made by squid-developers

Apart from the enabled users in client list text file, other users who
configures the ipaddress of proxy server is able to browse,

then i tried enabling debugging option and in cache.log file it shows like
this.

2003/10/14 14:24:39| The reply for GET
http://www.jaguar.com/global/script/dhtmlmenu.js is ALLOWED, because it
matched 'all'
2003/10/14 14:24:35| The request GET
http://www.jaguar.com/global/script/dhtmlmenu.js is ALLOWED, because it
matched 'special_client'

special_client contains the ip address of the users can browse,
where it went wrong, how they can able to browse freely without any problem,
can any one suggest me the possibilities.

below are my squid.conf file

http_port 8080
icp_port 3130
icp_query_timeout 12000
maximum_icp_query_timeout 8000
cache_mem 25 MB
cache_dir ufs /home/cache 800 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log on
log_mime_hdrs on
log_fqdn on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
positive_dns_ttl 8 hour
read_timeout 500 minute
request_timeout 500 second

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 5081
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl special_client src "/sysadmin/proxy/accesslist"
http_access allow special_client
acl ban_word url_regex "/sysadmin/proxy/wordlist"
acl porn url_regex "/sysadmin/proxy/porn"
acl noporn url_regex "/sysadmin/proxy/noporn"

http_access deny all noporn
http_access deny all porn
http_access allow manager
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost

acl yuck dstdomain "/sysadmin/proxy/personalmail"
http_access deny yuck

acl losers src mywindowspc
acl 5CONN maxconn 5
http_access deny 5CONN losers

cache_mgr localhost@myserver.net
visible_hostname proxy.existm.com

debug_options ALL,1 33,2
client_db on
deny_info http://mywebserver:8080/ porn

Prayer of India
-----------------
lokah samastah sukhino bhavantu -- Let the entire world be in peace!

If we can go above our own personal hardships and see the problems of
others and decide to work for a larger cause, then there is natural
elevation of our mind.
                 - President A.P.J.Abdul Kalam
Received on Tue Oct 14 2003 - 04:45:50 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:29 MST