[squid-users] Squidnt: Error message displayed problem and dstdomain question

From: Reale Marco <[email protected]>
Date: Mon, 23 Oct 2006 18:54:06 +0200

I have 2 problems:

1) Error message displayed
Until 2 months ago my squid.conf was based on ip acl and, to prevent
porn sites, there was this acl:

a) acl based on ip
acl porn url_regex "c:/squid/block/pornblock.txt"
acl mycompany_ip_no_restriction src 172.16.99.2 172.16.100.34
http_access deny porn !mycompany_ip_no_restriction
deny_info ERR_PORN_ACCESS_DENIED porn

b) Now squid is based on windows domain groups and acl is:
acl porn dstdomain "c:/squid/block/pornblock.txt"
http_access deny porn !Proxy_All_Open
deny_info ERR_PORN_ACCESS_DENIED porn

In c:squid\share\errors\Italian\ERR_ACCESS_DENIED there is my customized
html file.
The problem is that while using acl "a" my error messagge is correctely
displayed, with acl "b" the messagge is always
c:\squid\share\errors\Italian\ERR_CACHE_ACCESS_DENIED
(I report english version)
Cache Access Denied
Sorry, you are not currently allowed to request:
from this cache until you have authenticated yourself.

Do someone know what is wrong?

2) dstdomain problem
In order to block porn sites I used dstdomain

acl porn dstdomain "c:/squid/block/pornblock.txt"

And in c:/squid/block/pornblock.txt I added urls like these:
.playboy.com
.superfiga.com
....

The problem is that all sites containing one of the above world were
blocked while I need to block only entire urls and not those matching a
word contained in this file.
Example:
I want to block only www.playboy.com or www.superfiga.com but NOT
www.mysite.playboy.com or www.ciao.superfiga.com
The only workaround I founded is to duplicate entries in pornblock.txt;
example:
playboy.com
www.playboy.com

Unfortunately this solution takes 60/80 seconds to squid service start
instead 15/20 seconds
Moreover I would like to write in log file the name of acl that is
blocking a site in order to help debugging.

Do someone know another solution for dstdomain and log?

Thanks
Marco
Received on Mon Oct 23 2006 - 10:54:11 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST