Trying to understand what I am doing wrong with my ACLs (yes, I've read the ACL
guide on the Squid site, but I'm still confused). My client is 172.16.10.101, trying
to block access to facebook (and other dstdomain file lists), but it is not
working; from the client I can still access fb.
Is this because I have this rule below..?
acl localnet src 172.16.0.0/12
http_access allow localnet
Instead of denying everything access and manually maintaining rules, I want to
allow http/https access for everything except explicitly defined ACLs (in this
case the facebook acl as a test).
I've tried to set debugging to debug_options ALL,1 33,2 to see more info on
ACLs (read on some site that these are the debug flags to set), but I don't see
any ACL details in my access.log file.
My squid.conf file (for SQUID 3.3.3) is below.
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl SSL_ports port 443 8180 8443 563 1494 2598 8531
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http for Pacific Brokerage
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # http
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8080 8081 8082 8088 8180
acl Safe_ports port 3128 # Squid http server
acl Safe_ports port 1494 2598 # ICA - Citrix
acl Safe_ports port 7000 8000 # Oracle
acl Safe_ports port 9000 # Oracle
acl Safe_ports port 8530 # WSUS
acl Safe_ports port 55905 # WSUS
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT

http_access allow localhost manager
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost

acl ads dstdomain "/etc/squid/blacklists/ads/domains"
acl adult dstdomain "/etc/squid/blacklists/adult/domains"
acl gambling dstdomain "/etc/squid/blacklists/gambling/domains"
acl fb dstdomain .facebook.com

http_access allow localnet
http_access allow localhost
http_access deny ads adult gambling fb
http_access deny all

http_port 8080
dns_nameservers 172.16.11.3 172.16.11.2 172.16.11.1
visible_hostname www-proxy
hierarchy_stoplist cgi-bin ?

logformat oppy %ts.%03tu %6tr %>a %>A %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
access_log daemon:/var/log/squid/access.log oppy
cache_store_log daemon:/var/log/squid/store.log
cache_log /var/log/squid/cache.log
cache_mem 64 MB
logfile_rotate 4
debug_options ALL,1
# ACL Debug Options
# debug_options ALL,1 33,2
# debug_options ALL,1 33,2 28,9
coredump_dir /var/log/squid/squid

shutdown_lifetime 3 seconds
dns_v4_first on
retry_on_error on
forward_max_tries 25
forward_timeout 30 seconds
connect_timeout 30 seconds
read_timeout 30 seconds
request_timeout 30 seconds
persistent_request_timeout 1 minute

cache_dir ufs /var/cache/squid 100 16 256
cache_mgr [email protected]

snmp_port 0
icp_port 0
htcp_port 0

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
_______________________________________________
squid-users mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-users