What's been working for me is using url_regex instead of dst_domain.
acl porn url_regex "/usr/local/squid/etc/porn" (this file contains sites and regex expressions to block sites)
http_access allow everyone !guestac !porn !porn1 (allow everyone access except to the ! ACLs)
> -----Original Message-----
> From: Reale Marco [mailto:Marco.Reale@secondamano.it]
> Sent: Wednesday, November 15, 2006 9:07 AM
> To: AdministratorIn; squid-users@squid-cache.org
> Subject: [squid-users] R: Re: [squid-users] Squid: What is
> wrong in my acl????
>
>
> Hi Henrik
>
> Thanks for your kind reply.
> I'll try to explain better (sorry for my poor english...)
>
> In my pornblock.txt hostnames are already without .
> My pornblock.txt is:
>
> Playboy.com
> www.playboy.com
> Penthouse.com
> www.Penthouse.com
> Superfiga.com
> www.superfiga.com
> .....
> .....
>
> The problem is that sometimes (AND APPARENTLY WITHOUT REASON)
> authentication pop-up appears even though url currently I'm
> browsing is not wrote in pornsite.txt
>
> Example (occurred today with a specific site):
>
> 1) User open without problem url:
> www.somesite.com/homepage.aspx and while he is browsing,
> authentication popup appears.
> 2) I NOTICED THAT PRESSING CANCEL BUTTON, USER WAS ABLE TO
> CONTINUE BROWSING!!! Thus...I suspected that some object (a
> banner, a pop-up etc...) was blocked in fact....ENTERING MY
> CREDENTIALS (I'm in a group with full access) a pop-up with a
> banner was shown.
> 3) THUS....AND FINALLY....ANALYZING LOG FILE I SAW entries like this:
> 172.16.100.136 TCP_DENIED/407 2181 GET
> http://secure-it.imrworldwide.com/cgi-bin/m?
> TCP_DENIED/407 2349 GET
> http://ad.it.doubleclick.net/adj/select.secondamano.it/homepag
> e_rectangle;sz=300x250;ord=1238394311? - NONE/- text/html
>
> http://ad.it.doubleclick.net/adj/select.secondamano.it/homepag
e_rectangle is the pop-up!!!
I'm sure the problem is pornsite acl because disabling acl the problem disappears thus...I suspect that acl doesn't work correctly and sometimes blocks sites containing one of these words (double for example) and not exact urls
In my pornsites.txt there are in fact urls like this:
videos-double-penetration.com
doublesexhit.com
double-god.fr.st
doublepenitration.com
.....
This problem is driving me crazy and the only solution I founded is to disable "pornsite" acl even though It isn't a solution....
Could you give me a suggestion?
-----Messaggio originale-----
Da: AdministratorIn [mailto:AdministratorIn@blackbox.net]
Inviato: luned� 13 novembre 2006 17.17
A: Reale Marco; squid-users@squid-cache.org
Oggetto: Fwd: Re: [squid-users] Squid: What is wrong in my acl????
Begin forwarded Message from Henrik Nordstrom <henrik@henriknordstrom.net>, Sat, 11 Nov 2006 00:32:37 +0100 (MET):
fre 2006-11-10 klockan 15:05 +0100 skrev Reale Marco:
> I want to block only www.playboy.com or www.superfiga.com but NOT
> www.mysite.playboy.com or www.ciao.superfiga.com
dstdomain .playboy.com blocks playboy.com and all subdomains including www.playboy.com, www.mysite.playboy.com etc. Everything on the playboy.com domain).
To block exact host names write exact hostnames, not domain names starting with a dot.
playboy.com
www.playboy.com
[etc].
Regards
Henrik
Received on Wed Nov 15 2006 - 07:41:09 MST
This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST