One more information: I enabled debugging and got the following information:
2010/10/27 11:22:36| The request CONNECT www.facebook.com:443 is ALLOWED, because it matched 'MyNetworkMR_Clt'
But why it matches 'MyNetworkMR_Clt' and not rule 'blocked_urls'? Am 26.10.2010 14:12, schrieb Marc Muehlfeld:
Hello, I have blocked some URLs through an url_regex acl, which works, if the URL contains any protocol execept https. The "blocked_urls.lst" file contains lines like: ([^\/]\.facebook\.com\/|[^\/]\.facebook\.com$|^.*://facebook\.com)+ I've tested the regex using an online regex tester: "http://www.facebook.com" and "https://www.facebook.com" both match. But the https address can be reached, so I think, there must be a problem in my configuration (see below). I use 2.6.STABLE21 on CentOS 5. Regards, Marc # Define networks "all" and "localhost" acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 # Default ports we allow acl Safe_ports port 21 acl Safe_ports port 80 acl Safe_ports port 443 acl Safe_ports port 8080 # Deny requests to unknown ports http_access deny !Safe_ports # Only allow cachemgr access from localhost acl manager proto cache_object http_access allow manager localhost http_access deny manager # Deny CONNECT to other than SSL ports acl SSL_ports port 443 acl SSL_ports port 8443 acl CONNECT method CONNECT http_access deny CONNECT !SSL_ports # Block access from all IPs to URLs out of this file acl blocked_urls url_regex "/etc/squid/blocked_urls.lst" deny_info ERR_BLOCKED_PRIVATE blocked_urls http_access deny all blocked_urls # Allow access from all of our subnets acl MyNetworkMR_Srv src 192.168.29.0/24 acl MyNetworkMR_Clt src 10.1.0.0/21 http_access allow MyNetworkMR_Srv http_access allow MyNetworkMR_Clt # Allow access from localhost http_access allow localhost # Finally deny all other access to this proxy http_access deny all
-- Marc Muehlfeld (IT-Leiter) Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost Lochhamer Str. 29 - D-82152 Martinsried Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78 http://www.medizinische-genetik.de