[squid-users] HTTPS site filtering

roadrage27 alex.tate at gmail.com
Fri Jan 20 18:57:26 UTC 2017 

>How is that LAN traffic getting to Squid?
Squid is sitting on the internal LAN, not an external facing server

>That is odd. Because Squid ACL logics implicitly use the inverse of the
l>ast line as the default action.

>So your "allow localhost" sho>uld be causing an impicit "deny all" to
>exist at that point in the processing anyway.
>(/me wonders who broke what.)

I read the documentation which suggested the same but it goes nowhere.  I
thought i snapped it in half which is why i burned the server down and
rebuilt it from scratch then brought the config back over.  I attempted the
implicit deny on the new build with the same result.


On Fri, Jan 20, 2017 at 12:42 PM Amos Jeffries [via Squid Web Proxy Cache] <
ml-node+s1019090n4681230h85 at n4.nabble.com> wrote:

> On 21/01/2017 7:30 a.m., roadrage27 wrote:
> >> I see no 'localnet' ACL use. If this proxy is supposed to be servicing
> >> LAN clients, that will be needed and the keepgoing and artwork ACLs
> >> probably not needed.
> >
> > I am connecting on a LAN to it now with no issues and multiple testers
> on
> > the same subnet can also use it.  why would i add a directive if its
> > already working?
>
> Because your config file says the only traffic allowed is those specific
> keepgoing domains, the squid artwork file, and traffic was generated by
> locahost (aka. 127.0.0.1 on the proxy machine itself).
>
> How is that LAN traffic getting to Squid?
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> [hidden email] <http:///user/SendEmail.jtp?type=node&node=4681230&i=0>
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://squid-web-proxy-cache.1019090.n4.nabble.com/HTTPS-site-filtering-tp4681198p4681230.html
> To unsubscribe from HTTPS site filtering, click here
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4681198&code=YWxleC50YXRlQGdtYWlsLmNvbXw0NjgxMTk4fDIwMjU4MDQxMw==>
> .
> NAML
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/HTTPS-site-filtering-tp4681198p4681231.html
Sent from the Squid - Users mailing list archive at Nabble.com.

More information about the squid-users mailing list