On Wed, 30 Nov 2011 17:07:54 -0600, Paul Crown wrote:
> Greetings,
>
> I feel I am missing something simple. I have installed squid3 on
> Ubuntu. I added
>
> acl allow_domains dstdomain "/etc/squid3/always_direct.acl"
> always_direct allow allow_domains
>
> acl denied_domains dstdomain "/etc/squid3/denied_domains.acl"
> http_access deny denied_domains
>
> and populated both files accordingly, and restarted squid3.
>
> Now from a terminal, curl good-url and it works. curl bad-url and it
> gives me the blocked message.
>
> Try it in firefox, and good-url and bad-url both work fine. Neither
> is
> blocked.
>
> What did I forget?
>
> Thanks.
>
> Paul
What you are missing is two details:
Firstly, http_access and always_direct are completely unrelated
controls.
- http_access determins whether Squid is allowed to service the
request.
- always_direct determines whether Squid MUST (versus MAY) service the
request using DNS lookups and going directly to the public origin
server(s).
Also, you are missing minor details about the URL being tested. ie
- whether the browse is automatically adding "www." in front of the
domain, or not
- whether curl is setting the HTTP/1.1 Host: header correctly, or not
- whether the browse and terminal tools were run on the same machine,
or not
- whether you have any other access controls affecting the requests (ie
a browser type ACL allowing Mozilla/* agents through before these
controls)
Amos
Received on Thu Dec 01 2011 - 00:41:35 MST
This archive was generated by hypermail 2.2.0 : Thu Dec 01 2011 - 12:00:03 MST