RE: [squid-users] [squid-users) FAQ 10.11 Banning all other desti nations

From: Chris Robertson <[email protected]>
Date: Mon, 7 Feb 2005 11:31:54 -0900

> -----Original Message-----
> From: johnsuth@acenet.com.au [mailto:johnsuth@acenet.com.au]
> Sent: Monday, February 07, 2005 12:33 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] [squid-users) FAQ 10.11 Banning all other
> destinations
>
>
>
> In Squid 2.5.s8_OS2_VAC my squid.conf included this example from FAQ 10.11

> acl xxx dst 0.0.0.0/0.0.0.0
> http_access deny xxx
>
> However, web pages not previously allowed in the sequence of rules, were
nevertheless
> allowed to be served from cache, contrary to my wishes.
>
> I understand that if I accept free software, then I am a beta tester. I
suppose the Squid
> community takes no responsibility for the integrity of any specific build
of Squid.
>
> # TAG: acl
> #Recommended minimum configuration:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 1025-65535 # unregistered ports
> acl CONNECT method CONNECT
> acl government urlpath_regex -i .gov
> acl education urlpath_regex -i .edu
> acl google dstdomain .google.com.au
> acl acenet dstdomain .acenet.com.au
> acl localnet src 192.168.100.0/24
> acl ip dst 0.0.0.0/0.0.0.0
> acl www urlpath_regex -i www.
> acl http proto HTTP
>
> # TAG: http_access
> #Recommended minimum configuration:
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny to_localhost
> http_access allow government
> http_access allow education
> http_access allow google
> http_access allow acenet
> http_access allow localnet
> http_access deny ip
> http_access deny http
> http_access allow www
>
> # TAG: http_reply_access
>
>

Try one of three things:

1) Clear the squid cache (remove the cache_dirs, and swap.log files, then
start squid with the -z option)

2) Force a refresh to any of the denied sites (hold down shift or control
while hitting the reload button should do it).

3) Locate a Squid Purge utility (such as the one at
http://www.wa.apana.org.au/~dean/squidpurge/) and use it to purge your cache
of unwanted pages.

ACLs don't seem to be checked when squid serves cached content (likely in
the interest of speed).

As for your disparaging comments on free software... I think you have
received a great deal of support and witnessed a great show of
responsibility. *shrug*

Chris
Received on Mon Feb 07 2005 - 13:33:22 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:01 MST