Re: [squid-users] ACL blocks http, but not https

Wed, 27 Oct 2010 02:24:47 -0700 

One more information: I enabled debugging and got the following information:
2010/10/27 11:22:36| The request CONNECT www.facebook.com:443 is ALLOWED, because it matched 'MyNetworkMR_Clt' 

But why it matches 'MyNetworkMR_Clt' and not rule 'blocked_urls'?




Am 26.10.2010 14:12, schrieb Marc Muehlfeld:

Hello,

I have blocked some URLs through an url_regex acl, which works, if the URL
contains any protocol execept https.

The "blocked_urls.lst" file contains lines like:
([^\/]\.facebook\.com\/|[^\/]\.facebook\.com$|^.*://facebook\.com)+
I've tested the regex using an online regex tester: "http://www.facebook.com";
and "https://www.facebook.com"; both match. But the https address can be
reached, so I think, there must be a problem in my configuration (see below).

I use 2.6.STABLE21 on CentOS 5.

Regards,
Marc





# Define networks "all" and "localhost"
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255

# Default ports we allow
acl Safe_ports port 21
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 8080

# Deny requests to unknown ports
http_access deny !Safe_ports

# Only allow cachemgr access from localhost
acl manager proto cache_object
http_access allow manager localhost
http_access deny manager

# Deny CONNECT to other than SSL ports
acl SSL_ports port 443
acl SSL_ports port 8443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# Block access from all IPs to URLs out of this file
acl blocked_urls url_regex "/etc/squid/blocked_urls.lst"
deny_info ERR_BLOCKED_PRIVATE blocked_urls
http_access deny all blocked_urls

# Allow access from all of our subnets
acl MyNetworkMR_Srv src 192.168.29.0/24
acl MyNetworkMR_Clt src 10.1.0.0/21
http_access allow MyNetworkMR_Srv
http_access allow MyNetworkMR_Clt

# Allow access from localhost
http_access allow localhost

# Finally deny all other access to this proxy
http_access deny all




--
Marc Muehlfeld (IT-Leiter)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de

Reply via email to