Hello Amos ! Thank for your replay, i solve the problem. It was necessary to remove 2 lines permissive all authorized users All work fine, thanks
Вы писали 19 апреля 2010 г., 18:01:00: > Никоноров Григорий wrote: >> Hello, Amos >> >> I install the latest version of squid3 from backports (unfortunately >> i cant find my problem in squid3 bugs ...) >> dpkg --list |grep squid3 >> ii squid3 3.0.STABLE19-1~bpo50+1 A full >> featured Web Proxy cache (HTTP proxy) >> ii squid3-common 3.0.STABLE19-1~bpo50+1 A full >> featured Web Proxy cache (HTTP proxy) - common files >> >> I also delete two lines about QUERY... >> acl QUERY urlpath_regex cgi-bin \? >> no_cache deny QUERY >> >> ...and modified my refresh_patters accordingly your advice >> refresh_pattern \.doc$ 0 20% 4320 >> refresh_pattern \.zip$ 0 20% 4320 >> refresh_pattern \.exe$ 0 20% 4320 >> refresh_pattern \.rar$ 0 20% 4320 >> refresh_pattern ^ftp: 1440 20% 10080 >> refresh_pattern ^gopher: 1440 0% 1440 >> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 >> refresh_pattern . 0 20% 4320 >> >> I upload my squid.conf for "easy to read" purpose in pastebay.com >> http://pastebay.com/94291 (no virus guys...only my squid.conf :) >> >> p.s. regex replacement on dstdomain not helped >> >> You wrote 19 апреля 2010 г., 13:47:21: >>> Никоноров Григорий wrote: >>>> Hi, >>>> >>>> After the upgrade from 2.7 to 3.0.STABLE8-3 + lenny3 squid stop block >>>> prohibited sites. >> >>> IMO grab the official backport package from >>> http://www.backports.org/debian/pool/main/s/squid3/ if you can. >> >>>> My Squid3 conf: >>>> acl ADMIN proxy_auth "/etc/squid3/users/users.admin" >>>> acl bad_site url_regex -i "/etc/squid3/bad_site.acl" >>>> >>>> bad_site.acl: >>>> vkontakte\.ru >>>> odnoklassniki\.ru >>>> pagewash\.com >>>> vk\.com >> >>> Hmm. Regardless of your squid version those are far better off being >>> configured as a "dstdomain" ACL type. Regex is Slooooowww. >> >>> acl bad_site dstdomain "/etc/squid3/bad_site.acl" >> >>> bad_site.acl: >>> .vkontakte.ru >>> .odnoklassniki.ru >>> .pagewash.com >>> .vk.com >> >>>> http_access allow manager localhost >>>> http_access deny manager >>>> http_access deny !Safe_ports >>>> http_access allow ADMIN !bad_site >>>> acl QUERY urlpath_regex cgi-bin \? >>>> no_cache deny QUERY >> >>> The above two lines about QUERY are no longer very useful. >> >>> Remove them and make sure your *final* two refresh_patterns lines match >>> the new defaults for squid-3.x: >> >>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 >>> refresh_pattern . 0 20% 4320 >> >> >>>> http_access deny all >>>> >>>> >>>> 192.168.164.111 - user from group ADMIN >>>> >>>> Access log: >>>> 1271418317.455 103 192.168.164.111 TCP_MISS/302 494 GET >>>> http://vkontakte.ru/id000000 user DIRECT/93.186.231.220 text/html >>>> 1271418317.536 71 192.168.164.111 TCP_MISS/200 3767 GET >>>> http://vkontakte.ru/login.php? user DIRECT/93.186.231.220 text/html >>>> 1271418317.665 5 192.168.164.111 TCP_MISS/304 347 GET >>>> http://vkontakte.ru/images/xhead2.gif user DIRECT/93.186.231.220 - >>>> 1271418317.669 9 192.168.164.111 TCP_MISS/304 347 GET >>>> http://vkontakte.ru/images/header_yellow.gif user DIRECT/93.186.231.222 - >>>> 1271418317.674 15 192.168.164.111 TCP_MISS/304 347 GET >>>> http://vkontakte.ru/images/header_divider.gif user DIRECT/93.186.231.221 - >>>> 1271418317.690 35 192.168.164.111 TCP_MISS/304 483 GET >>>> http://www.tns-counter.ru/V13a***R>*vkontakte_ru/ru/CP1251/tmsec=vkontakte_total/ >>>> user DIRECT/217.73.200.219 - >>>> 1271418317.714 55 192.168.164.111 TCP_MISS/200 386 GET >>>> http://counter.yadro.ru/hit? user DIRECT/88.212.196.77 image/gif >>>> 1271418321.434 82 192.168.164.111 TCP_MISS/200 5360 GET http://vk.com/ >>>> user DIRECT/93.186.231.221 text/html >>>> 1271418321.476 124 192.168.164.111 TCP_MISS/200 719 GET >>>> http://sitecheck2.opera.com/? user DIRECT/91.203.99.45 text/xml >>>> 1271418322.588 34 192.168.164.111 TCP_MISS/304 483 GET >>>> http://www.tns-counter.ru/V13a***R>*vkontakte_ru/ru/CP1251/tmsec=vkontakte_total/ >>>> user DIRECT/217.73.200.220 - >>>> 1271418322.608 54 192.168.164.111 TCP_MISS/200 386 GET >>>> http://counter.yadro.ru/hit? user DIRECT/88.212.196.101 image/gif >>>> 1271418324.221 1670 192.168.164.111 TCP_MISS/200 6368 CONNECT >>>> certs.opera.com:443 user DIRECT/91.203.99.57 - >>>> 1271418324.358 69 192.168.164.111 TCP_MISS/200 738 GET >>>> http://login.vk.com/? user DIRECT/93.186.229.129 text/html >>>> 1271418324.433 56 192.168.164.111 TCP_MISS/200 617 POST >>>> http://vk.com/login.php? user DIRECT/93.186.231.222 text/html >>>> >> >> >>> I can't see any reason why those requests might go through. Is there any >>> additional http_access configuration anywhere? >> >>> If not, try with the backports package and see if it goes away. >> >>> Amos >> > Wading through that config I find the very first http_access: > acl ncsa_users proxy_auth REQUIRED > http_access allow ncsa_users > ... any user with a valid login has unlimited access through your server. > The http_access rules following that line apply only to non-logged in > users. > Amos -- С уважением, Никоноров Григорий Системный администратор ЗАО "Комита" icq 419950912 Тел. 295
