[squid-users] Squid3 config on Ubuntu remains even after uninstall and ignore the new config

Efe merhabakendim at gmail.com
Mon Nov 10 13:58:42 UTC 2014


Thank you for your reply. I've managed to retrieve uncommented config lines:

$ grep -P '^\s*\w' /etc/squid3/squid.conf

acl localnet src 192.168.0.101  # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl myrule dstdom_regex "/etc/squid3/domainblock.txt"
http_access allow myrule
cache deny all
http_access allow localhost manager
http_access deny manager
acl Purge method PURGE
http_access deny Purge
http_access allow localhost
http_port 3128
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .       0   20% 4320

If helps, iptables is empty and netstat status is
$ sudo netstat -nltp | grep squid
tcp6       0      0 :::3128                 :::*
LISTEN      20292/(squid-1)

Version info:
$ sudo apt-cache policy squid3
squid3:
  Installed: 3.3.8-1ubuntu6.1
  Candidate: 3.3.8-1ubuntu6.1
  Version table:
 *** 3.3.8-1ubuntu6.1 0
        500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main i386
Packages
        500 http://archive.ubuntu.com/ubuntu/ trusty-security/main i386
Packages
        100 /var/lib/dpkg/status
     3.3.8-1ubuntu6 0
        500 http://archive.ubuntu.com/ubuntu/ trusty/main i386 Packages

Proof that squid is running:
$ ps ax | grep squid
20290 ?        Ss     0:00 squid3
20292 ?        S      0:06 (squid-1)
31535 ?        S      0:00 (logfile-daemon) /var/log/squid3/access.log
31720 pts/28   S+     0:00 grep --color=auto squid

Maybe i used the wrong terminology as "redirect". B/c whenever the website
in the blocklist is called, localhost page of my LAMP shows up.

So, what i want to achieve in the end is blocking and sometimes unblocking
a list of websites based on their domain name. Problem is even the config
is changed to "http_access allow myrule" it doesnt reflect allow/deny
options accordingly anymore. At this moment, the websites in the list are
still non-accessible.

On Mon, Nov 10, 2014 at 3:32 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/11/2014 12:22 a.m., Efe wrote:
> > OS: Ubuntu 14.04 LTS
> >
> > After i installed the squid3 package for the 1st time, i've add a
> > list of domains to be blocked in squid.conf:
> >
> > acl myrule dstdom_regex "/etc/squid3/domainblock.txt" http_access
> > deny myrule
> >
> > where domainblock.txt is
> >
> > someaddress.com blockthis.net
>
> For domain names like this you should be using "dstdomain" ACL type
> instead of a regex.
>
> >
> > Which worked fine and redirect them to localhost running on my
> > LAMP
>
> ?? there is nothing about a "redirect" in that squid.conf snippet you
> showed.
>
> Can you please display the whole squid.conf. Without all the
> documentation #comment or empty lines though.
>
>
> >
> > Index of /
> >
> > Name   Last modified   Size   Description
> >
> > html   2014/04/10 ------------------------------
> > ---------------------- Apache/2.4.7 (Ubuntu) Server at
> > google-analytics.com Port 80
> >
> > Later i purged it by:
> >
> > sudo apt-get remove --purge squid3*
> >
> > and removed every file&folder the command "locate squid" gave,
> > including the "/etc/squid3" folder then reboot. But i still couldnt
> > access the websites in "domainblock.txt" even though it doesnt
> > exist anymore.
>
> "it" being squid I assume?
>
> There is almost always other configuration you had to add in the
> network or browser causing the browser to use the proxy. This will
> have probably broken your test result.
>
> If you did actually not have any of that, then you just proved that
> Squid was not involved with the problem.
>
> >
> > Then i re-installed with sudo apt-get install squid3 this time with
> > the config to allow those websites in the list:
> >
> > acl myrule dstdom_regex "/etc/squid3/domainblock.txt" http_access
> > allow myrule
> >
> > But still no luck. I guess some configurations remain even after
> > removing the squid in the system. So what should i do now?
>
> What do you want to achieve exactly?
>
> Amos
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
>
> iQEcBAEBAgAGBQJUYL6CAAoJELJo5wb/XPRjF/sIANt7v8/BpcZ4taHWpRZyXbul
> mdr6Cq7rfNb8VRiR41GYnEi0qDuSsSb31ciCpVAVoaeIBF48FufleqQ+QH3kn8M3
> ETvNuUHis2Wd8gNXKd3pWtqBx+AbVyPzgKpJebBma0KeOw1eE3Jwevsqbjh/yMBq
> KLNfDH0CgL63wYkbNquP3AjDkQggv/w/YvD9bFQY1JfMsaTb64CEdP6NdtEbgnhi
> PBo9p9/T1HBkfBf2kg+uElR+TMur1OoHaztxx8g+iiqfBHSocaXhWRCtayhqg35X
> 8DCmysOYNjY9FyQHZAKFaSeb4WyD02On/KOchH3/5ZHCA1P4HG9zF8V4KYmlgfc=
> =iena
> -----END PGP SIGNATURE-----
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141110/81d3a185/attachment-0001.html>


More information about the squid-users mailing list