Re: [squid-users] Squid-2.4-STABLE7 http_access breaks when Netfilter REDIRECT turned on/off/on

From: per jarevez <perj8@dont-contact.us>
Date: Tue, 17 Jun 2003 00:16:16 +0000

> > #
> > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> > #
> > http_access allow myAllow all <---- becomes "http_access allow
> > all" after Netfilter REDIRECT is switched back on.
> > http_access deny myDeny all
> > http_access allow localhost
> > http_access allow intranet
> > # And finally deny all other access to this proxy
> > http_access deny all
>
>
>Are you really sure the above is what you want?
>
>http_access allow myAllow all
>
>gives everyone in the whole world access to any sites matching
>"myAllow".

Yes, I want to allow more specific url_regex that matches myDeny, but should
be allowed.
I have the firewall blocking port 3128 on the external interface, so
http_access allow myAllow all is only for everybody who can access Squid on
my internal interface.

>
>
>I think what you want is
>
> http_access allow localhost
> http_access allow myAllow intranet
> http_access deny myDeny
> http_access allow intranet

I guess I'll change to http_access allow myAllow, but it still doesn't fix
the issue. URLs matching myDeny but not myAllow are going through,
i.e. 200.

>
>
>Regarding the Netfilter issue, what do you get in access.log?
>

1055808450.646 10 10.1.0.100 TCP_IMS_HIT/304 200 GET http://global.msads.net/ads/PROHO3/00292SI0005_D1.gif - NONE/- image/gif

But I have "/ads/" url_regex in myDeny ACL and no url_regex that would match
the above in myAllow.

Received on Mon Jun 16 2003 - 18:16:21 MDT
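
Added example, not part of the original message and not Squid's own code: a small Python model of http_access evaluation (ACLs on one line are ANDed, the first matching line decides) run over the logged request against both rule sets from the thread. Only the "/ads/" pattern in myDeny comes from the thread; the myAllow pattern and the intranet range are assumptions made up for the illustration.

```python
import ipaddress
import re

# Assumed ACL definitions: only "/ads/" in myDeny is from the thread; the
# myAllow pattern and the intranet range are constructed.
ACLS = {
    "all":       lambda src, url: True,
    "localhost": lambda src, url: src == ipaddress.ip_address("127.0.0.1"),
    "intranet":  lambda src, url: src in ipaddress.ip_network("10.1.0.0/16"),
    "myDeny":    lambda src, url: re.search(r"/ads/", url) is not None,
    "myAllow":   lambda src, url: re.search(r"/ads/allowed-partner/", url) is not None,
}

# Rules as posted, and rules as suggested in the quoted reply.
POSTED = """
http_access allow myAllow all
http_access deny myDeny all
http_access allow localhost
http_access allow intranet
http_access deny all
"""
SUGGESTED = """
http_access allow localhost
http_access allow myAllow intranet
http_access deny myDeny
http_access allow intranet
"""

def decide(rules, src, url):
    """Return (action, deciding_line) for one request."""
    src = ipaddress.ip_address(src)
    action = None
    for line in rules.strip().splitlines():
        _, action, *names = line.split()
        if all(ACLS[n](src, url) for n in names):   # AND within a line
            return action, line                     # first match wins
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if action == "allow" else "allow"), None

def parse_native_log(line):
    """Client address and URL from a native-format access.log line
    (fields: time, elapsed, client, result/status, bytes, method, URL, ...)."""
    f = line.split()
    return f[2], f[6]

LOG = ("1055808450.646 10 10.1.0.100 TCP_IMS_HIT/304 200 GET "
       "http://global.msads.net/ads/PROHO3/00292SI0005_D1.gif - NONE/- image/gif")

if __name__ == "__main__":
    print(decide(POSTED, *parse_native_log(LOG)))
```

Under these assumptions both rule sets deny the logged request at the myDeny line, so the hit in access.log is not what the configuration as written would produce. The two sets differ only for a non-intranet client requesting a myAllow URL: the posted rules allow it, the suggested rules do not.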

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:23 MST