Sorry it took me so long to respond!
Please see my answers below.
Mike Rambo wrote:
>
> We have a pretty heavily used filter. Here are the only references
> I found to either my client address, the cachemgr.cgi, or the
> filter box by either name or ip address.
>
> [EMAIL PROTECTED] root]# cat capture
> 1082478237.612 35 10.8.16.7 TCP_MISS/200 1415 GET
> http://squid.lpsd.local/cgi-bin/cachemgr.cgi - DIRECT/192.168.189.6
> text/html
> 1082478237.856 81 10.8.16.7 TCP_MISS/404 1564 GET
> http://squid.lpsd.local/favicon.ico - DIRECT/192.168.189.6 text/html
> 1082478242.614 45 192.168.189.9 TCP_MISS/200 1371 GET
> cache_object://squid.lpsd.local/ - DIRECT/192.168.189.9 text/html
> 1082478242.620 73 10.8.16.7 TCP_MISS/200 4158 POST
> http://squid.lpsd.local/cgi-bin/cachemgr.cgi - DIRECT/192.168.189.6
> text/html
>
> [EMAIL PROTECTED] root]# cat blocked.default
> 2004-04-20 12:41:18 [22037] Request(default/none/-)
> cache_object://squid.lpsd.local/ 192.168.189.9/squid.lpsd.local - GET
>
> I notice that this seems the same as the third entry in the list
> above and that the request is cache-object:// rather than http://.
> Meaningful?
Yes it is!
Squid creates the new protocol cache_object just for cachemgr.cgi to
allow you to lock it down adequately via squid.conf acls.
> I've found at least a workaround for this if you don't have a
> 'more correct' solution. I created a cachemgr group in the
> blacklists and changed the default acl to 'pass cachemgr none'.
> That, I think, makes everything happen the way we want (I know the
> cachemgr comes up now but haven't checked to see what the response
> is to out of network clients yet).
>
> Here is the full squidGuard.conf file.
<snip>
My recommendations cover several areas and I apologize that I don't
have the time right now to organize them into a logical flow. [I
have very carefully placed them in "stream of consciousness"
order. :)]
Your entry from squidGuard's blocked log was:
> 2004-04-20 12:41:18 [22037] Request(default/none/-)
> cache_object://squid.lpsd.local/ 192.168.189.9/squid.lpsd.local - GET
squidGuard received a request from 192.168.189.9, which does not
match any of the source groups listed in your squidGuard.conf, so
it was processed under the default acl. You can change that by
defining a new source group and acl in squidGuard.conf:

    src filterbox {
        ip 192.168.189.9
    }

In the acl section:

    filterbox {
        pass all
    }

You do not need a cachemgr destination group in squidGuard.conf.
By the way, the squidGuard documentation says this about the
structure of squidGuard.conf:

    Path declarations (i.e. logdir and dbhome) (optional)
    Time space declarations (i.e. time zones) (optional)
    Source group declarations (i.e. clients) (optional)
    Destination group declarations (i.e. URLs) (optional)
    Rewrite rule group declarations (optional)
    Access control rule declarations (required)

    Note: No forward references are allowed! Within this strong limitation
    you may actually choose any structure you prefer.

I recommend moving your source group declarations ahead of your
destination group declarations.
You could stop sending the cache_object requests to squidGuard. To
do that, you'll need something that resembles this in squid.conf:

    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl filterbox src 192.168.189.9/255.255.255.255
    acl NoRedirect src 127.0.0.1 192.168.189.9

    http_access allow manager localhost
    http_access allow manager filterbox
    http_access deny manager

    redirector_access deny NoRedirect
    redirector_access allow all

I think that will take care of things for you.
Rick
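
Added example (not part of the original message, and not Squid or squidGuard code): a small access.log audit that checks whether the cache manager lock-down discussed above is holding, by flagging any cache_object:// request served to a client other than localhost or the filter box. The function names, verdict labels and the client 10.8.16.44 are assumptions made for illustration.

```python
import ipaddress

# Clients permitted to reach the cache manager: localhost and the filter box,
# as in the squid.conf ACLs in the message above.
MANAGER_SOURCES = [ipaddress.ip_network(n)
                   for n in ("127.0.0.1/32", "192.168.189.9/32")]

def parse_access_line(line):
    """Split one Squid native-format access.log line; None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    code, _, status = f[3].partition("/")
    try:
        return {"client": ipaddress.ip_address(f[2]), "code": code,
                "status": int(status), "method": f[5], "url": f[6]}
    except ValueError:
        return None

def audit_manager_requests(lines):
    """Return (client, status, verdict) for every cache_object:// request."""
    findings = []
    for line in lines:
        rec = parse_access_line(line)
        if rec is None or not rec["url"].lower().startswith("cache_object://"):
            continue
        allowed = any(rec["client"] in net for net in MANAGER_SOURCES)
        served = 200 <= rec["status"] < 300
        if allowed:
            verdict = "ok" if served else "not-served"
        else:
            # A 2xx to an unlisted client means "http_access deny manager"
            # is missing or is ordered after a broader allow rule.
            verdict = "ACL-GAP" if served else "denied"
        findings.append((str(rec["client"]), rec["status"], verdict))
    return findings

# The first two lines are from the capture quoted above (wrapped lines
# re-joined); the last three are constructed for illustration.
SAMPLE_LOG = [
    "1082478237.612 35 10.8.16.7 TCP_MISS/200 1415 GET http://squid.lpsd.local/cgi-bin/cachemgr.cgi - DIRECT/192.168.189.6 text/html",
    "1082478242.614 45 192.168.189.9 TCP_MISS/200 1371 GET cache_object://squid.lpsd.local/ - DIRECT/192.168.189.9 text/html",
    "1082478300.101 2 10.8.16.44 TCP_DENIED/403 1050 GET cache_object://squid.lpsd.local/info - NONE/- text/html",
    "1082478310.500 40 10.8.16.44 TCP_MISS/200 1371 GET cache_object://squid.lpsd.local/ - DIRECT/192.168.189.9 text/html",
    "truncated line",
]

if __name__ == "__main__":
    for finding in audit_manager_requests(SAMPLE_LOG):
        print(*finding)
```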