this is my config hepworth squid # grep ^acl /etc/squid/squid.conf acl all src 0.0.0.0/0.0.0.0 acl SSL_ports port 443 acl Safe_ports port 80 # http <snip> acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT acl andrew proxy_auth acl emma proxy_auth acl QUERY urlpath_regex cgi-bin \? acl apache rep_header Server ^Apache acl testing time MTWHF 07:30-08:00 hepworth squid # grep ^http_access /etc/squid/squid.conf http_access deny !Safe_ports http_access allow emma testing http_access allow andrew localhost http_access deny all hepworth squid #
and logging in as andrew denies a poage with this 2008/03/31 20:56:37| Starting Squid Cache version 2.6.STABLE17 for i686-pc-linux-gnu... 2008/03/31 20:56:37| Process ID 8806 2008/03/31 20:56:37| With 1024 file descriptors available 2008/03/31 20:56:37| Using epoll for the IO loop 2008/03/31 20:56:37| DNS Socket created at 0.0.0.0, port 32780, FD 6 2008/03/31 20:56:37| Adding domain home.nw from /etc/resolv.conf 2008/03/31 20:56:37| Adding nameserver 192.168.0.254 from /etc/resolv.conf 2008/03/31 20:56:37| helperOpenServers: Starting 5 'ncsa_auth' processes 2008/03/31 20:56:38| User-Agent logging is disabled. 2008/03/31 20:56:38| Referer logging is disabled. 2008/03/31 20:56:38| Unlinkd pipe opened on FD 17 2008/03/31 20:56:38| Swap maxSize 102400 KB, estimated 7876 objects 2008/03/31 20:56:38| Target number of buckets: 393 2008/03/31 20:56:38| Using 8192 Store buckets 2008/03/31 20:56:38| Max Mem size: 8192 KB 2008/03/31 20:56:38| Max Swap size: 102400 KB 2008/03/31 20:56:38| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2008/03/31 20:56:38| Rebuilding storage in /var/cache/squid (CLEAN) 2008/03/31 20:56:38| Using Least Load store dir selection 2008/03/31 20:56:38| Set Current Directory to /var/cache/squid 2008/03/31 20:56:38| Loaded Icons. 2008/03/31 20:56:38| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 19. 2008/03/31 20:56:38| Accepting ICP messages at 0.0.0.0, port 3130, FD 20. 2008/03/31 20:56:38| HTCP Disabled. 2008/03/31 20:56:38| WCCP Disabled. 2008/03/31 20:56:38| Ready to serve requests. 2008/03/31 20:56:38| Done reading /var/cache/squid swaplog (2219 entries) 2008/03/31 20:56:38| Finished rebuilding storage from disk. 2008/03/31 20:56:38| 2219 Entries scanned 2008/03/31 20:56:38| 0 Invalid entries. 2008/03/31 20:56:38| 0 With invalid flags. 2008/03/31 20:56:38| 2219 Objects loaded. 2008/03/31 20:56:38| 0 Objects expired. 2008/03/31 20:56:38| 0 Objects cancelled. 2008/03/31 20:56:38| 0 Duplicate URLs purged. 2008/03/31 20:56:38| 0 Swapfile clashes avoided. 2008/03/31 20:56:38| Took 0.3 seconds (6503.0 objects/sec). 2008/03/31 20:56:38| Beginning Validation Procedure 2008/03/31 20:56:38| Completed Validation Procedure 2008/03/31 20:56:38| Validated 2219 Entries 2008/03/31 20:56:38| store_swap_size = 18264k 2008/03/31 20:56:39| storeLateRelease: released 0 objects 2008/03/31 20:56:44| aclCheckFast: list: 0x82ab588 2008/03/31 20:56:44| aclMatchAclList: checking all 2008/03/31 20:56:44| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0' 2008/03/31 20:56:44| aclMatchIp: '127.0.0.1' found 2008/03/31 20:56:44| aclMatchAclList: returning 1 2008/03/31 20:56:44| aclCheck: checking 'http_access deny !Safe_ports' 2008/03/31 20:56:44| aclMatchAclList: checking !Safe_ports 2008/03/31 20:56:44| aclMatchAcl: checking 'acl Safe_ports port 80 # http' 2008/03/31 20:56:44| aclMatchAclList: no match, returning 0 2008/03/31 20:56:44| aclCheck: checking 'http_access allow emma testing' 2008/03/31 20:56:44| aclMatchAclList: checking emma 2008/03/31 20:56:44| aclMatchAcl: checking 'acl emma proxy_auth ' 2008/03/31 20:56:44| aclMatchAcl: returning 0 sending credentials to helper. 2008/03/31 20:56:44| aclMatchAclList: no match, returning 0 2008/03/31 20:56:44| aclCheck: checking password via authenticator 2008/03/31 20:56:45| aclCheck: checking 'http_access allow emma testing' 2008/03/31 20:56:45| aclMatchAclList: checking emma 2008/03/31 20:56:45| aclMatchAcl: checking 'acl emma proxy_auth ' 2008/03/31 20:56:45| aclMatchUser: user is andrew, case_insensitive is 0 2008/03/31 20:56:45| Top is (nil), Top->data is Unavailable 2008/03/31 20:56:45| aclMatchUser: returning 0,Top is (nil), Top->data is Unavailable 2008/03/31 20:56:45| aclMatchAclList: no match, returning 0 2008/03/31 20:56:45| aclCheck: checking 'http_access allow andrew ' 2008/03/31 20:56:45| aclMatchAclList: checking andrew 2008/03/31 20:56:45| aclMatchAcl: checking 'acl andrew proxy_auth ' 2008/03/31 20:56:45| aclMatchUser: user is andrew, case_insensitive is 0 2008/03/31 20:56:45| Top is (nil), Top->data is Unavailable 2008/03/31 20:56:45| aclMatchUser: returning 0,Top is (nil), Top->data is Unavailable 2008/03/31 20:56:45| aclMatchAclList: no match, returning 0 2008/03/31 20:56:45| aclCheck: checking 'http_access deny all' 2008/03/31 20:56:45| aclMatchAclList: checking all 2008/03/31 20:56:45| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0' 2008/03/31 20:56:45| aclMatchIp: '127.0.0.1' found 2008/03/31 20:56:45| aclMatchAclList: returning 1 2008/03/31 20:56:45| aclCheck: match found, returning 0 2008/03/31 20:56:45| aclCheckCallback: answer=0 2008/03/31 20:56:45| The request GET http://grolma.no-ip.org/ is DENIED, because it matched 'all' 2008/03/31 20:56:45| The reply for GET http://grolma.no-ip.org/ is ALLOWED, because it matched 'all' so its matching andrew at aclMatchUser: user is andrew, case_insensitive is 0 but then denies ????because 127.0.0.1 is matched by deny all src 0.0.0.0
