> > #
> > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> > #
> > http_access allow myAllow all <---- becomes "http_access allow
> > all" after Netfilter REDIRECT is switched back on.
> > http_access deny myDeny all
> > http_access allow localhost
> > http_access allow intranet
> > # And finally deny all other access to this proxy
> > http_access deny all
>
>
>Are you really sure the above is what you want?
>
>http_access allow myAllow all
>
>gives everyone in the whole world access to any sites matching
>"myAllow".
Yes, I want to allow more specific url_regex that matches myDeny, but should
be allowed.
I have the firewall blocking port 3128 on the external interface, so
http_access allow myAllow all is only for everybody who can access Squid on
my internal interface.
>
>
>I think what you want is
>
> http_access allow localhost
> http_access allow myAllow intranet
> http_access deny myDeny
> http_acces allow intranet
I guess I'll change to http_access allow myAllow, but it still doesn't fix
the issue. That URL's matching myDeny but not myAllow are going through -
ie. 200
>
>
>Regarding the Netfilter issue, what do you get in access.log?
>
1055808450.646 10 10.1.0.100 TCP_IMS_HIT/304 200 GET
http://global.msads.net/ads/PROHO3/00292SI0005_D1.gif - NONE/- image/gif
But I have "/ads/" url_regex in myDeny ACL and no url_regex that would match
the above in myAllow.
_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.
http://join.msn.com/?page=features/junkmail
Received on Mon Jun 16 2003 - 18:16:21 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:23 MST