Re: [squid-users] R: [squid-users] Squid: What is wrong in myacl????

From: Valter Dal Bo <[email protected]>
Date: Fri, 17 Nov 2006 09:41:57 +0100

Hi !

Something that could help you because it's simplier (IMHO) to manage
ACLs, is SquidGuard.
I use it and find it Extremely good.
Matching a rule with or without excerptions, is just a matter of typing
the word/url/address you are considering to ban/allow.

Regards
Valter

Reale Marco wrote:

>Why confused?
>Becuase this morning I discovered that the word causing "access denied" is "Pene"; this word is contained in acl "bad_word_content_type":
>acl bad_word_content_type url_regex -i sesso culo culi tette nudo nuda seno seni PENE cazzo cazzi teen figa webtv streaming tvgratis
>
>Reading log you can see:
>2006/11/16 12:41:44| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TTJV2/$file/banner_vialomellina2.gif is ALLOWED, because it matched 'DomainUsers'
>2006/11/16 12:41:44| The reply for GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TTJV2/$file/banner_vialomellina2.gif is ALLOWED, because it matched 'all'
>2006/11/16 12:41:44| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VKNZM/$file/banner_dirittiinfanzia.gif is ALLOWED, because it matched 'DomainUsers'
>2006/11/16 12:41:44| The reply for GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VKNZM/$file/banner_dirittiinfanzia.gif is ALLOWED, because it matched 'all'
>2006/11/16 12:41:44| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VDMS9/$file/multe1.gif is DENIED, because it matched 'Proxy_Internet_Ts'
>2006/11/16 12:41:44| The reply for GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VDMS9/$file/multe1.gif is ALLOWED, because it matched 'Proxy_Internet_Ts'
>2006/11/16 12:41:44| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TDA43/$file/mozart.gif is DENIED, because it matched 'Proxy_Internet_Ts'
>2006/11/16 12:41:44| The reply for GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TDA43/$file/mozart.gif is ALLOWED, because it matched 'Proxy_Internet_Ts'
>2006/11/16 12:41:44| The request GET http://www.comune.milano.it/home/css/home.css is ALLOWED, because it matched 'DomainUsers'
>..............
>..............
>
>
>Is possibile to have in access.log "blocked by bad_word_content_type" acl? Or something similar?
>Reading log I see ALLOWED,DENY,ALLOWED,DENY....but this didn't help me. Also because, for example, "DENIED, because it matched 'Proxy_Internet_Ts'" apparently doesn't have any sense (at least in this case)
>
>Thanks
>
>-----Messaggio originale-----
>Da: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
>Inviato: gioved� 16 novembre 2006 18.07
>A: Reale Marco
>Cc: squid-users@squid-cache.org
>Oggetto: Re: [squid-users] Squid: What is wrong in myacl????
>
>tor 2006-11-16 klockan 16:59 +0100 skrev Reale Marco:
>
>
>
>>I'll briefly try to explain:
>>1) visiting www.comune.milano.it the user/credential pop-up was shown
>>to me I tried to increase debug_option but it didn't help me because
>>log was confused
>>
>>
>
>In what sense was it confused?
>
>"The request .. is DENIED because it matched acl XXX" says the last acl on the http_access line which denied access. or the first encountered acl requiring authentication if the request was not authenticated.
>
>"The reply for .." lines says what happened in http_reply_access.
>
>Regards
>Henrik
>
>
>
Received on Fri Nov 17 2006 - 01:43:14 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST