Thanks, Amos.
Simon
于 14-8-21 16:19, Amos Jeffries 写道:
On 21/08/2014 7:16 p.m., k simon wrote:
Hi,Lists,
I plan to use "acl isp-xxx dst" to define tons of route prefix over
27,000 items. Does it reasonable?
Squid should be able to handle it, but its probably best to aggregate
the range
On 21/08/2014 7:16 p.m., k simon wrote:
> Hi,Lists,
>
>I plan to use "acl isp-xxx dst" to define tons of route prefix over
> 27,000 items. Does it reasonable?
Squid should be able to handle it, but its probably best to aggregate
the ranges first to minimize the work necessary per-request.
S
On 06/30/2014 12:25 PM, Der Dutz wrote:
Hi Eliezer,
Thanks for your kind respond. actually im reposting because i see
onhttp://marc.info/ that my email is unreadable because the format from the
email client i used (yahoo internal send mail editor), because its unreadable
then im afraid no on
Hi Eliezer,
Thanks for your kind respond. actually im reposting because i see on
http://marc.info/ that my email is unreadable because the format from the email
client i used (yahoo internal send mail editor), because its unreadable then im
afraid no one will reply to it.
Ok for the squid prob
Hey,
Please don't double post and in a Case really you must remind us that we
didn't responded just top-post\reply on the same thread.
(I do not think that even 48 hours has passed since anyone have seen it
yet and in many places sunday is not a work day.)
Eventually I will try to help you a
On 11/03/2014 8:24 p.m., Silver Wings wrote:
> Hey guys,
>
> currently I'm using ntlm authentification for my users (all Windows
> systems), however sometimes Squid is having troubles fetching the logged in
> user info. I have tried different settings but every few days a login
> windows keeps ap
Hey,
On 11/13/2013 01:27 PM, Amos Jeffries wrote:
Because cache allow/deny control is based on the request in current
releases of Squid.
Or to change the already considered response cache controls by the
source server.
If the source server thinks it worth caching then the only thing I can
think
On 13/11/2013 10:42 p.m., susu wrote:
> Hi All,
>
> I am using squid as a cache and I don't want to cache anything coming from a
> windows media server.
> So I have put following rules in squid.conf :
>
> acl windows_server rep_header -i Server -i ^Cougar
> cache deny windows_server
>
> But it i
Hey,
You need to use a .google.com to block all google subdomains.
Do you have the access.log output?
Eliezer
On 09/29/2013 10:29 AM, Ding Guigeng wrote:
>
> i defined an acl like this:
> acl bandomain dstdomain -i google.com
> then squid -k reconfig
> but when i visiting the website google.com
Have you added something like http_deny bandomain all ?
On Sun, Sep 29, 2013 at 10:29 AM, Ding Guigeng wrote:
>
> i defined an acl like this:
> acl bandomain dstdomain -i google.com
> then squid -k reconfig
> but when i visiting the website google.com in IE,it's not be denied.
>
> the squid versi
Hi All,
Seems that this is potentially a bug in 3.1.10, as we moved to version
3.3.8 and it worked without issue.
Thanks.
Regards,
-Mark
On 8/15/13 11:22 AM, "Lundy, Mark" wrote:
>
>
>Hi There,
>>>
>>>
>>>
>>>squid version : 3.1.10 ( squid-3.1.10-16.el6 )
>>>
>>>We are attempting to auth
faster than a bullet, thanks friends!!!
On Thu, Jul 11, 2013 at 9:06 PM, Netinho wrote:
> Yes, you can create the acl with proxy_auth.
> Example:
>
> acl mygroup1 proxy_auth "/etc/squid3/mygroup1"
> acl allow_sites dstdomain "/etc/squid3/allow_sites.txt"
>
> http_access allow mygroup1 allow_sites
Yes, you can create the acl with proxy_auth.
Example:
acl mygroup1 proxy_auth "/etc/squid3/mygroup1"
acl allow_sites dstdomain "/etc/squid3/allow_sites.txt"
http_access allow mygroup1 allow_sites
Put your users in mygroup1 file.
Oliveiros Peixoto.
Em 12/07/2013 00:57, Beto Moreno escreveu:
V
acl proxy_admins proxy_auth "/etc/squid/proxyadminuser.txt"
cat "/etc/squid/proxyadminuser.txt"
user-a
user-b
user-c
...
http_access allow proxy_admins
-Original Message-
From: Beto Moreno [mailto:pam...@gmail.com]
Sent: Friday, 12 July 2013 1:59 PM
To: squid-users@squid-cache.org
Subje
On 9/05/2013 1:17 p.m., Brett Lymn wrote:
I have been chasing down problems with squid ever since I updated to
v3.3.2. I have found one that looks a lot like a bug with the acl
matching. I have a particular IP address that people here are trying to
access that we cannot access because a cache p
On 16/04/2013 8:09 p.m., Alan wrote:
Is there any way to construct an ACL that checks the authentication
mechanism used (eg: radius/kerberos)?
No. But ...
I want to allow radius authentication only for FTP users, since there
is no FTP client (that I know of) that works with Scalquid using
ker
On 22/03/2013 8:34 p.m., Orlando Camarillo wrote:
Hi brothers.
I have running Squid HTTP Proxy 3.0 over Debian, everything is working
fine, just i got weird behavior with the acl time, every single day
stop working at 1723 hrs.
1723 UTC, GMT, or local time? if local time what timezone are you
Fixed using a 303 deny_info remote address
Thanks !!
-Original Message-
From: David Touzeau
Sent: Monday, January 07, 2013 6:10 PM
To: squid-users@squid-cache.org
Subject: [squid-users] ACL: remove Authentication popup
Dear, i’m using external helper in order to ban members according g
On 4/11/2012 2:53 a.m., Petr Tichý wrote:
Hello everybody
I found that while behind Squid/3.1.6 in tproxy mode, the Microsoft AutoUpdate
on Mac cannot check for updates (times out). Setting
client_persistent_connections off cures the problem. Would it be possible to
tell squid to disable clie
Apologies for top posting, from Squid FAQs:
"Certain types of requests cannot be cached or are served faster going direct,
and Squid is optimized to send them over direct connections by default. The
nonhierarchical_direct off directive tells Squid to send these requests via the
parent anyway."
On 18/08/2012 18:43, Jenny Lee wrote:
> nonhierarchical_direct off
That did the trick. I thought I was probably missing something :-)
Thanks very much,
Andrew.
nonhierarchical_direct off
Jenny
> Date: Sat, 18 Aug 2012 18:31:14 +0100
> From: a.f...@ntlworld.com
> To: squid-users@squid-cache.org
> Subject: [squid-users] ACL processing in Squid 3.2
>
> I may be missing something here, but it looks like ACL processing is
> broken for at least some HTTPS req
On 7/4/2012 5:37 PM, Marcio Merlone wrote:
Hi all,
I am administering 3 squid 3.0.STABLE19-1ubuntu0.2 proxies on 3
different sites, and managed to read group membership on LDAP using
external_acl_type and squid_ldap_group without a problem. The last bit I
need to make this a dream proxy cluster
On 7/5/2012 3:10 PM, Marcio Merlone wrote:
Em 04-07-2012 22:19, Eliezer Croitoru escreveu:
the other options are: URL_REWRITE,ICAP,EXTERNAL_ACL.
Didn't know about ICAP. Sounds the way to go.
if you are willing to do the testings with me and built some skeleton
for it to fit sysadmins i w
Em 04-07-2012 22:19, Eliezer Croitoru escreveu:
On 7/4/2012 5:37 PM, Marcio Merlone wrote:
I am administering 3 squid 3.0.STABLE19-1ubuntu0.2 proxies on 3
different sites, and managed to read group membership on LDAP using
external_acl_type and squid_ldap_group without a problem. The last bit I
On 7/4/2012 5:37 PM, Marcio Merlone wrote:
Hi all,
I am administering 3 squid 3.0.STABLE19-1ubuntu0.2 proxies on 3
different sites, and managed to read group membership on LDAP using
external_acl_type and squid_ldap_group without a problem. The last bit I
need to make this a dream proxy cluster
On 06/20/2012 06:43 AM, Matus UHLAR - fantomas wrote:
On 19.06.12 18:52, Stefan Bauer wrote:
with a 30 MB file. Squid is instantly terminating if this acl-stanza is set
active. Where can and do we have to tune squid settings to achive this?
terminating with what reason? I would not wonder i
On 19.06.12 18:52, Stefan Bauer wrote:
with a 30 MB file. Squid is instantly terminating if this acl-stanza is set
active. Where can and do we have to tune squid settings to achive this?
terminating with what reason? I would not wonder if all the regexed
would not fit into the memory. Note th
On 20.06.2012 04:52, Stefan Bauer wrote:
Dear Developers & Users,
we want to use
acl forbidden_domains dstdom_regex "file.txt"
with a 30 MB file. Squid is instantly terminating if this acl-stanza
is set active. Where can and do we have to tune squid settings to
achive this?
http://wiki.squid
On 12/06/2012 00:14, Guy Helmer wrote:
Is there a way to write an ACL that can determine whether a request has been
made using Squid as a forward proxy, or if the request has been intercepted?
Guy
you can use the "myportname" acl for that.
then you can deny any direct access to the intercept
Hi Amos,
Thanks for your detailed explanation with config. Now i can see the
XFF IP as a source IP in access log and could block the users from
this.
Thanks a lot.
Regards,
Sekar
On Mon, Apr 2, 2012 at 7:23 PM, Amos Jeffries wrote:
> On 3/04/2012 1:13 a.m., Sekar Duraisamy wrote:
>>
>> This
On 3/04/2012 1:13 a.m., Sekar Duraisamy wrote:
This will allow XFF header from the LB requests to squid. How to block
the original users in squid with the XFF information?
I mean the ACL configuration please...
Exactly as you would if the clients had connected to Squid directly.
Using the "sr
On 2/04/2012 8:24 p.m., Sekar Duraisamy wrote:
Thanks Amos. Actually My loadBalancer will send the XFF with source
information. So i will use XFF as the source to block the users intead
of IP.
Is this possible?
Try using the config lines I gave.
Amos
-Sekar
On Mon, Apr 2, 2012 at 1:03 PM,
Thanks Amos. Actually My loadBalancer will send the XFF with source
information. So i will use XFF as the source to block the users intead
of IP.
Is this possible?
-Sekar
On Mon, Apr 2, 2012 at 1:03 PM, Amos Jeffries wrote:
> On 2/04/2012 7:15 p.m., Sekar Duraisamy wrote:
>>
>> Hello All,
>>
>>
On 2/04/2012 7:15 p.m., Sekar Duraisamy wrote:
Hello All,
Can create an ACL based on XFF?
Yes.
Now what do you mean by "based on"?
Since the squid placed after the loadbancer, it will send the XFF and
LB ip as source ip for all the request. So I want to put ACL based on
XFF.
Is this possi
On 20.02.12 12:58, Paolo Supino wrote:
All my other http_access rules are either based on a single "acl src",
"acl dst" (and variants) or "acl src, acl dst". The question (and not
a problem) is whether I can have a http_access rule that is built from
a: "acl src, acl dst and acl port"?
yes, you
Hi Matus
All my other http_access rules are either based on a single "acl src",
"acl dst" (and variants) or "acl src, acl dst". The question (and not
a problem) is whether I can have a http_access rule that is built from
a: "acl src, acl dst and acl port"?
Anyhow Amos Jeffries replied me in priva
On 16.02.12 15:51, Paolo Supino wrote:
I have the following scenario: I have a subnet that needs to get out
on the internet to 2 different subnets. To subnet1 it needs to be able
to access only in HTTP while to subnet2 it needs to be able to access
only in HTTPS. Is it possible to do the follwoin
On 18/02/2012 8:12 a.m., Carlos Manuel Trepeu Pupo wrote:
Hi !
I want to block:
http://*.google.com.cu
but allow:
http://www.google.com.cu/custom*
I mean deny all the subdomain of google.com.cu except all the URL that
contain the line below
I have Ubuntu with Squid 3.0 STABLE1 with this conf:
hi
Yes I have a few http_access rules in my squid.conf (7 to be
precise), but I can't fold this ACL into the other ACLs I have (I
would have done it if I could).
TIA
Paolo
On Fri, Feb 17, 2012 at 9:55 AM, Matus UHLAR - fantomas
wrote:
> On 16.02.12 15:51, Paolo Supino wrote:
>>
>> I have
On 16.02.12 15:51, Paolo Supino wrote:
I have the following scenario: I have a subnet that needs to get out
on the internet to 2 different subnets. To subnet1 it needs to be able
to access only in HTTP while to subnet2 it needs to be able to access
only in HTTPS. Is it possible to do the follwoin
On 17/02/2012 3:51 a.m., Paolo Supino wrote:
Hi
I have the following scenario: I have a subnet that needs to get out
on the internet to 2 different subnets. To subnet1 it needs to be able
to access only in HTTP while to subnet2 it needs to be able to access
only in HTTPS. Is it possible to do th
On Nov 28, 2011, at 11:18 AM, Gilles Routier Archive wrote:
> Hello,
>
> I have two vlan on my network :
> Vlan 1 : 55.8.0.0/22
> Vlan 2 : 55.8.226.0/24
>
> My proxy is on the vlan 1, and i want to use the acl arp to allow PC
> internet access.
>
> If i write in squid.conf a vlan 1 mac-adress
On 29/11/2011 5:18 a.m., Gilles Routier Archive wrote:
Hello,
I have two vlan on my network :
Vlan 1 : 55.8.0.0/22
Vlan 2 : 55.8.226.0/24
My proxy is on the vlan 1, and i want to use the acl arp to allow PC
internet access.
If i write in squid.conf a vlan 1 mac-adress to allow internet access,
.org; Andrew Burger
Subject: Re: [squid-users] ACL auth
Andrew,
If you use LDAP to authenticate your users you could try this:
A small example:
# LDAP helper to get the appropriate groups
external_acl_type ldap_blocked_sites ttl=3600 negative_ttl=3600 %LOGIN
/usr/lib64/squid/squid_kerb_lda
Hallo, Amos,
Du meintest am 29.08.11:
>> is it possible to define ACLs for special users (authentification
>> via NCSA works)?
> proxy_auth ACL.
> Like so:
>acl users proxy_auth bob knuth
Nice - thank you!
(I should have studied the "squish" examples ...)
Viele Gruesse!
Helmut
On 29/08/11 03:14, Helmut Hullen wrote:
Hallo, squid-users,
is it possible to define ACLs for special users (authentification via
NCSA works)?
Using "squidGuard" is possible (and there I can define ACLs for "user"
or "userlist") but I'd prefer a solution with the pure "squid".
Searching in the
fy or something as I don't get
> this one right.
>
> Any help or anything you can point me to get it right?
>
> Thanks
>
> Andrew
>
> -Original Message-
> From: Amos Jeffries [mailto:squ...@treenet.co.nz]
> Sent: 24 August 2011 16:16
> To: squid-users@
squid-users@squid-cache.org
Subject: Re: [squid-users] ACL auth
On 24/08/11 20:59, Andrew Burger wrote:
> Hi there,
>
> I would like to know I have the following in m y squid.conf
>
> Should I wish to block a user from a website I do it that way.
>
> But now we got more then 100
On 24/08/11 20:59, Andrew Burger wrote:
Hi there,
I would like to know I have the following in m y squid.conf
Should I wish to block a user from a website I do it that way.
But now we got more then 100 users that use squid and I would like to
setup like a external file where I can put in diffe
On 03/06/11 10:59, E.S. Rosenberg wrote:
Hi,
I set up a authenticating proxy, and based on the username I want to
change properties of the connection.
According to the documentation the proxy_auth type acl is slow because
it relies on external helpers, no my question is is it slow only the
first
On 23/04/11 19:11, Edward Ting wrote:
Hi Amos,
You mentioned in the post below that this is "One of the design flaws
we have not yet removed from Squid.". Is there a bug ID already?
This could be from many places for many reasons. Care to track down
where the problem is and see if its mention
On 19/04/11 21:19, Helmut Hullen wrote:
Hallo, cc,
Du meintest am 19.04.11:
I'm using Squid v3.0.Stable24.
Whenever I do a "squid -k reconfigure", I get the following
lines appearing:
2011/04/19 17:08:57.266| ACL::~ACL: '
2011/04/19 17:08:57.266| ACL::~ACL: '
[...]
I have no idea wha
Hallo, cc,
Du meintest am 19.04.11:
> I'm using Squid v3.0.Stable24.
> Whenever I do a "squid -k reconfigure", I get the following
> lines appearing:
> 2011/04/19 17:08:57.266| ACL::~ACL: '
> 2011/04/19 17:08:57.266| ACL::~ACL: '
[...]
> I have no idea what this is and can't seem to find any
> - Original Message -
> From: Amos Jeffries
> Sent: 03/01/11 02:41 PM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] ACL "all" & squid3
>
> > 2011/03/01 13:13:33 squid.conf line 2575: http_access allow
> > 2011/03/01 13:13:33
On 01/03/11 21:04, Voy User wrote:
I know questions about 'all' splay tree warning has been asked in the list
before& I found
the reply at
http://www.mail-archive.com/squid-users@squid-cache.org/msg57540.html
However, my question is slightly different.
I am using squid3 with debian lenny.
I a
Hi Amos
Thank you for your help
I removed the to_all from_all as suggested by pandu, it's working.
On 02/01/2011 01:56 PM, Amos Jeffries wrote:
>> is not matching in this case, because the domain resolving did not
>> return an ip address. so the request is still the domain name and squid
>> is co
On 02/01/2011 01:35 PM, Pandu Poluan wrote:
> Any reason for "from_all to_all"?
> Why not just:
> http_access allow within_timeframe_rule1
wow. ok, now i feel stupid :)
well. this is because the rules are dynamically created by a template
engine.
but it should be possible to remove these. it work
On 02/02/11 00:26, Peter Warasin wrote:
Hi squids
Anyone ready for helping me? Have a quite funny problem.
I have a more or less complex configuration, so i cut it down to the
interesting part.
Basically it is a sandwich configuration
squid -> content filters -> squid
which normally is worki
On Tue, Feb 1, 2011 at 18:26, Peter Warasin wrote:
> Hi squids
>
> Anyone ready for helping me? Have a quite funny problem.
>
> I have a more or less complex configuration, so i cut it down to the
> interesting part.
>
> Basically it is a sandwich configuration
> squid -> content filters -> squid
On Thu, 27 Jan 2011 00:21:32 +, smudly Quickhands
wrote:
> Thanks for the previous post I made the suggested changes to squid.conf
> but I still can not connect. Now on the Web browser I am getting Failed
to
> establish a secure connection to owaServer The system returned (71)
> Protocol err
Thanks for the previous post I made the suggested changes to squid.conf but I
still can not connect. Now on the Web browser I am getting Failed to establish
a secure connection to owaServer The system returned (71) Protocol error
On the squid server I am seeing a bunch of the following
fwdNe
On Wed, 26 Jan 2011 10:16:49 -0300, igor rocha
wrote:
> I am new to the list and did not know how to submit a question, then I
> apologize for asking a question by answering another but if someone can
> answer
> me something
>
> I would advice on how to use size tags in the cache size, since
On 26/01/11 20:27, smudly Quickhands wrote:
I am trying to setup Squid as a reverse proxy for my Exchange server. I have
copied the SSL certificate from the exchange server and installed it on the
Squid server. I can start Squid without any errors using /usr/sbin/squid -N
-d 1 -D
However
Is there a way around this?
On Wed, Dec 15, 2010 at 11:49 AM, Ralf Hildebrandt
wrote:
> * Aaron Drever :
>> So I have put as you suggested and get this in the access.log
>>
>> TCP_DENIED/403 1833 CONNECT mail.google.com:443 - NONE/- text/html
>
> Squid cannot look into Https:// traffic, since it'
* Aaron Drever :
> So I have put as you suggested and get this in the access.log
>
> TCP_DENIED/403 1833 CONNECT mail.google.com:443 - NONE/- text/html
Squid cannot look into Https:// traffic, since it's encrypted
As you can see it doesn't log an URL, only a hostname.
--
Ralf Hildebrandt
Gesc
So I have put as you suggested and get this in the access.log
TCP_DENIED/403 1833 CONNECT mail.google.com:443 - NONE/- text/html
On Wed, Dec 15, 2010 at 11:31 AM, Aaron Drever wrote:
> That didn't work:(
>
> On Wed, Dec 15, 2010 at 10:28 AM, Aaron Drever wrote:
>> Thanks Ralf.
>>
>> I'll give t
That didn't work:(
On Wed, Dec 15, 2010 at 10:28 AM, Aaron Drever wrote:
> Thanks Ralf.
>
> I'll give that a try and let you know.
>
> On Wed, Dec 15, 2010 at 10:22 AM, Ralf Hildebrandt
> wrote:
>> * Ralf Hildebrandt :
>>> * Aaron Drever :
>>> > Hello,
>>> >
>>> > I'm currently looking to implem
Thanks Ralf.
I'll give that a try and let you know.
On Wed, Dec 15, 2010 at 10:22 AM, Ralf Hildebrandt
wrote:
> * Ralf Hildebrandt :
>> * Aaron Drever :
>> > Hello,
>> >
>> > I'm currently looking to implement a rule that allows people behind
>> > the proxy to access a specific URL. In my case
* Ralf Hildebrandt :
> * Aaron Drever :
> > Hello,
> >
> > I'm currently looking to implement a rule that allows people behind
> > the proxy to access a specific URL. In my case the URL is
> > https://mail.google.com/a/domain.tld.
> >
> > We are using GApps, but I don't want them to be able to u
* Aaron Drever :
> Hello,
>
> I'm currently looking to implement a rule that allows people behind
> the proxy to access a specific URL. In my case the URL is
> https://mail.google.com/a/domain.tld.
>
> We are using GApps, but I don't want them to be able to use
> mail.google.com to access typica
On 12/11/10 06:04, Dean Weimer wrote:
I think I am going nuts, because I can't see what I am doing wrong here, I am
trying to send a group of domains through a parent proxy because the proxy
forwarding them doesn't have direct access to the websites. These ACL list are
before any others in th
Really sorry for that!
2010/10/29 Konrado Z :
> Hello,
>
> I couln't upload this post here (I got security message about its
> content) so I'm giving link to txt file (sorry for that):
> tinyurl.com/39c5s93 There is description of my problem with ACLs in squid.
>
> Please help.
> Best regards,
> K
Am 28.10.2010 16:22, schrieb Amos Jeffries:
There is. Start the domain match text with a dot:
Great. Thanks.
On 28/10/10 23:00, Marc Muehlfeld wrote:
Am 27.10.2010 12:10, schrieb Amos Jeffries:
What you need to take away from this is that 1) where possible add whole
domains and sets of sub-domains to "A" the first ACL. and 2) always
make sure
that your second "B" and regex ACL are matched. New rules in
Am 27.10.2010 12:10, schrieb Amos Jeffries:
What you need to take away from this is that 1) where possible add whole
domains and sets of sub-domains to "A" the first ACL. and 2) always make sure
that your second "B" and regex ACL are matched. New rules into the regex need
to be checked that the d
On 27/10/10 22:24, Marc Muehlfeld wrote:
One more information: I enabled debugging and got the following
information:
2010/10/27 11:22:36| The request CONNECT www.facebook.com:443 is
ALLOWED, because it matched 'MyNetworkMR_Clt'
But why it matches 'MyNetworkMR_Clt' and not rule 'blocked_urls'?
Re-doing since my earlier mail seems to have gone astray.
Apologies if you get this twice.
On 27/10/10 01:12, Marc Muehlfeld wrote:
Hello,
I have blocked some URLs through an url_regex acl, which works, if the
URL contains any protocol execept https.
The "blocked_urls.lst" file contains lines
One more information: I enabled debugging and got the following information:
2010/10/27 11:22:36| The request CONNECT www.facebook.com:443 is ALLOWED,
because it matched 'MyNetworkMR_Clt'
But why it matches 'MyNetworkMR_Clt' and not rule 'blocked_urls'?
Am 26.10.2010 14:12, schrieb Marc Mu
Am 27.10.2010 09:58, schrieb Amos Jeffries:
therefore your nice RegEx is never going to see the the request.
Move the RegEx to the top or the connect rule to the bottom of your ACLs.
No. The ! affects this. That line does not match for HTTPS.
Even if I remove the whole following block, https
On 27/10/10 19:57, Daniel van Soest wrote:
Marc Muehlfeld schrieb:
Hello,
I have blocked some URLs through an url_regex acl, which works, if the
URL contains any protocol execept https.
The "blocked_urls.lst" file contains lines like:
([^\/]\.facebook\.com\/|[^\/]\.facebook\.com$|^.*://faceboo
Marc Muehlfeld schrieb:
Hello,
I have blocked some URLs through an url_regex acl, which works, if the
URL contains any protocol execept https.
The "blocked_urls.lst" file contains lines like:
([^\/]\.facebook\.com\/|[^\/]\.facebook\.com$|^.*://facebook\.com)+
I've tested the regex using an on
Yes
On 10/25/10, Melissa MacKenzie wrote:
> Hello,
>
> I'm wondering if it's possible to create an acl for IP only access by
> loading a file of listed IPs. I seen this is available for URL's via a
> url_regex. Not quite sure if it's possible via IP.
>
> for example:
>
> acl TrustedIP src "/usr
On 21/10/10 02:53, Michael Knichel wrote:
I am a teacher with my own web connection for my classroom. I wish to
have ACL's that deal with my morning class differently than my
afternoon class. I have created the rules and applied them, but they
do not seem to be working. I have cleared my cache
David Parks wrote:
I have a simple ACL helper that fails whenever a user should no longer have
access (I need a way of dynamically blocking access to the proxy on a
per-user basis).
But when the ACL fails the request, the browser goes into a vicious cycle of
continuing to re-try the same request
From: David Parks
> But when the ACL fails the request, the browser
> goes into a vicious cycle of continuing to re-try
> the same request indefinitely
Did you set 'negative_ttl' in your external_acl line?
JD
Andreas Moroder wrote:
Hello,
all our users have to authenticate via LDAP. I now would like to open
the access from one machine but only for download via wget.
Does "acl aclname browser" work with wget
Yes. Any standards compliant HTTP client has a User-Agent name and sends
it in requests
On Wed, 12 May 2010 02:53:02 -0700 (PDT), squidACL
wrote:
> Hi
>
> I have squid and squidGuard installed and working very well , but now I
> need
> to creat groups ( I use the Active Directory user)
>
> you know how can I create the ACL groups ?
>
> Many Thanks
http://wiki.squid-cache.org/Feat
Hello Amos !
Thank for your replay, i solve the problem.
It was necessary to remove 2 lines permissive all authorized users
All work fine, thanks
Вы писали 19 апреля 2010 г., 18:01:00:
> Никоноров Григорий wrote:
>> Hello, Amos
>>
>> I install the latest version of squid3 from backports (unfortu
Никоноров Григорий wrote:
Hello, Amos
I install the latest version of squid3 from backports (unfortunately
i cant find my problem in squid3 bugs ...)
dpkg --list |grep squid3
ii squid3 3.0.STABLE19-1~bpo50+1 A full
featured Web Proxy cache (HTTP proxy)
ii squid3
Hello, Amos
I install the latest version of squid3 from backports (unfortunately
i cant find my problem in squid3 bugs ...)
dpkg --list |grep squid3
ii squid3 3.0.STABLE19-1~bpo50+1 A full
featured Web Proxy cache (HTTP proxy)
ii squid3-common
Никоноров Григорий wrote:
Hi,
After the upgrade from 2.7 to 3.0.STABLE8-3 + lenny3 squid stop block
prohibited sites.
IMO grab the official backport package from
http://www.backports.org/debian/pool/main/s/squid3/ if you can.
My Squid3 conf:
acl ADMIN proxy_auth "/etc/squid3/users/users
On Sat, Apr 10, 2010 at 3:39 PM, Dayo Adewunmi wrote:
> Hi everyone
>
> Is it possible to give a list of allowed MAC addresses in squid, i.e. via
> ACLs or a file
> and then have it block unauthorized MACs?
Yes. As long as all clients are on the same LAN as squid.
--
/kinkie
> user1 can only go on www.website1.com
> user2 can only go on www.website2.com
> user1 and user2 was authenticated by ncsa.
This link could help you:
http://blogdeaitor.wordpress.com/2008/11/04/squid-rewrite-program/
Carlos.
_
For the record, I worked this out. It turns out that the ACL must be
defined in squid.conf BEFORE the cache_access_log directive.
This is not clear from what appears in /var/log/messages:
Bungled squid.conf line 710: access_log /var/log/squid/access.log squid
dontlog
BUT
when I did this:
/us
ons 2010-03-03 klockan 09:54 -0500 skrev Rick Coloccia:
> I've added these things to squid.conf:
> acl dontlog url_regex -i
> ^http://dont.log.this.com/components/com_livechat/sync.php
> cache_access_log /var/log/squid/access.log squid !dontlog
> cache_access_log none dontlog
should be
access_l
tor 2010-02-18 klockan 11:09 +0100 skrev Nikolas Kuimcidis:
> Curretnly we stopped using static IP adresses and we obtain our IP's
> from a DHCP server.
> So I would like to setup the ACL rules to filter by
> windows-computer-name and not by IP
If your DHCP is configured to automatically update
Trever L. Adams wrote:
On 01/-10/-28163 12:59 PM, Chris Robertson wrote:
Considering the fact that icap_access relies on ACLs, my guess would
be ICAP is adding the headers after the rep_header ACL is evaluated.
Is this possible with ICAP + Squid, or is it a bug, or just not
possible?
On 01/-10/-28163 12:59 PM, Chris Robertson wrote:
> Considering the fact that icap_access relies on ACLs, my guess would
> be ICAP is adding the headers after the rep_header ACL is evaluated.
>
>> Is this possible with ICAP + Squid, or is it a bug, or just not
>> possible?
>>
>
> Run two Squid i
Trever L. Adams wrote:
I seem to be having trouble with acl rep_header trying to match against
an X-Header added by ICAP from the squid server in question.
acl TextAdultContent rep_header X-TEXT-CATEGORYadult.*
acl TextConfidenceSolid rep_header X-TEXT-CATEGORY-CONFIDENCE
1 - 100 of 529 matches
Mail list logo