[squid-users] How to create a simple whitelist using regexes?

RB ronthecon at gmail.com
Mon Oct 15 05:04:39 UTC 2018


Hi everyone,

I'm trying to deny all URLs except for only whitelisted regular
expressions. I have only this regular expression in my file
"squid_sites.txt":

^https://wiki.squid-cache.org/SquidFaq/SquidAcl.*


My "squid.conf":


debug_options 28,7

###
### Global settings define
###

http_port 3128

###
### Authorization rules define
###

###
### Networks define
###

acl localnet src 10.5.0.0/1
acl localnet src 172.16.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10

###
### Ports define
###

acl SSL_ports port 443          # https
acl SSL_ports port 22           # SSH
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 22          # SSH

acl purge method PURGE

acl CONNECT method CONNECT

acl bastion src 10.5.0.0/1
acl whitelist url_regex "/vagrant/squid_sites.txt"

###
### Rules define
###

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow localhost
http_access allow purge localhost
http_access deny purge
http_access deny CONNECT !SSL_ports

http_access allow bastion whitelist
http_access deny bastion all

# http_access deny all

###
### Secondary global settings define
###


# icp_access allow localnet
# icp_access deny all
#
# htcp_access allow localnet
# htcp_access deny all

# Add any of your own refresh_pattern entries above these.
access_log /var/log/squid3/access.log squid
cache_log /var/log/squid3/cache.log squid
cache_store_log /var/log/squid3/store.log squid

refresh_pattern      ^ftp:      1440  20%  10080
refresh_pattern     ^gopher:      1440  0%  1440
refresh_pattern      -i (/cgi-bin/|\?)    0  0%  0
refresh_pattern     (Release|Package(.gz)*)$  0  20%  2880

coredump_dir /var/spool/squid3
maximum_object_size 1024 MB
cache_mem 2048 MB


I tried enabling debugging and tailing /var/log/squid3/cache.log but my
curl statement keeps matching "all".

$ curl -sSL --proxy localhost:3128 -D - "https://wiki.squid-cache.org/SquidFaq/SquidAcl" -o /dev/null 2>&1 | grep Squid
X-Squid-Error: ERR_ACCESS_DENIED 0


Any ideas what I'm doing wrong?

Thank you.
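
An added illustration, not part of the original post: the posted squid.conf configures no TLS interception, so a request for an https:// URL reaches the proxy as CONNECT host:port, and that is the string a url_regex ACL can be tested against. The Python below models this with the posted pattern. `HOST_PATTERNS` and the helper names are constructed for the example, and Python's `re` stands in for Squid's regex engine.

```python
import re
from urllib.parse import urlsplit

# Pattern copied from squid_sites.txt in the post above.
POSTED_PATTERNS = [r"^https://wiki.squid-cache.org/SquidFaq/SquidAcl.*"]
# Constructed alternative for comparison (an assumption, not from the post):
# anchored on the host:port form that a CONNECT request carries.
HOST_PATTERNS = [r"^wiki\.squid-cache\.org:443$"]


def proxy_visible_request(url):
    """Return (method, target) as an explicit forward proxy sees the request
    when it does not decrypt TLS."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        # The client asks for a tunnel; path and query stay inside TLS.
        return "CONNECT", f"{parts.hostname}:{parts.port or 443}"
    # Plain HTTP via a proxy uses the absolute URL as the request target.
    return "GET", url


def matching_patterns(url, patterns):
    """Return the patterns that match the string the proxy can test."""
    _, target = proxy_visible_request(url)
    return [p for p in patterns if re.search(p, target)]


def explain(url, patterns):
    """One-line summary of what the proxy sees and whether a pattern hits."""
    method, target = proxy_visible_request(url)
    verdict = "match" if matching_patterns(url, patterns) else "no match"
    return f"{method} {target!r}: {verdict}"


if __name__ == "__main__":
    url = "https://wiki.squid-cache.org/SquidFaq/SquidAcl"
    print(explain(url, POSTED_PATTERNS))
    print(explain(url, HOST_PATTERNS))
    # Same path over plain HTTP: the full URL is visible, but the posted
    # pattern still requires the https:// scheme.
    print(explain("http://wiki.squid-cache.org/SquidFaq/SquidAcl", POSTED_PATTERNS))
```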