[squid-users] server_name_regex acl doesn't work anymore

robert k Wild robertkwild at gmail.com
Thu Jan 12 15:22:21 UTC 2023


Hi all,

I have no idea why, but my ACL for the URL whitelist doesn't work anymore.

This is the output of my parse:

/usr/local/squid/sbin/squid -k parse
2023/01/12 15:10:56| Startup: Initializing Authentication Schemes ...
2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'basic'
2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'digest'
2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'negotiate'
2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'ntlm'
2023/01/12 15:10:56| Startup: Initialized Authentication.
2023/01/12 15:10:56| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)
2023/01/12 15:10:56| Processing: acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
2023/01/12 15:10:56| Processing: acl localnet src 10.0.0.0/8            # RFC 1918 local private network (LAN)
2023/01/12 15:10:56| Processing: acl localnet src 100.64.0.0/10         # RFC 6598 shared address space (CGN)
2023/01/12 15:10:56| Processing: acl localnet src 169.254.0.0/16        # RFC 3927 link-local (directly plugged) machines
2023/01/12 15:10:56| Processing: acl localnet src 172.16.0.0/12         # RFC 1918 local private network (LAN)
2023/01/12 15:10:56| Processing: acl localnet src 192.168.0.0/16        # RFC 1918 local private network (LAN)
2023/01/12 15:10:56| Processing: acl localnet src fc00::/7              # RFC 4193 local private network range
2023/01/12 15:10:56| Processing: acl localnet src fe80::/10             # RFC 4291 link-local (directly plugged) machines
2023/01/12 15:10:56| Processing: acl SSL_ports port 443
2023/01/12 15:10:56| Processing: acl Safe_ports port 80         # http
2023/01/12 15:10:56| Processing: acl Safe_ports port 21         # ftp
2023/01/12 15:10:56| Processing: acl Safe_ports port 443                # https
2023/01/12 15:10:56| Processing: acl Safe_ports port 70         # gopher
2023/01/12 15:10:56| Processing: acl Safe_ports port 210                # wais
2023/01/12 15:10:56| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2023/01/12 15:10:56| Processing: acl Safe_ports port 280                # http-mgmt
2023/01/12 15:10:56| Processing: acl Safe_ports port 488                # gss-http
2023/01/12 15:10:56| Processing: acl Safe_ports port 591                # filemaker
2023/01/12 15:10:56| Processing: acl Safe_ports port 777                # multiling http
2023/01/12 15:10:56| Processing: acl CONNECT method CONNECT
2023/01/12 15:10:56| Processing: http_access allow localhost manager
2023/01/12 15:10:56| Processing: http_access deny manager
2023/01/12 15:10:56| Processing: include /usr/local/squid/etc/squidrules.conf
2023/01/12 15:10:56| Processing Configuration File: /usr/local/squid/etc/squidrules.conf (depth 1)
2023/01/12 15:10:56| Processing: acl DiscoverSNIHost at_step SslBump1
2023/01/12 15:10:56| Processing: acl NoSSLIntercept ssl::server_name_regex /usr/local/squid/etc/pubkey.txt
2023/01/12 15:10:56| Processing: ssl_bump peek DiscoverSNIHost
2023/01/12 15:10:56| Processing: ssl_bump splice NoSSLIntercept
2023/01/12 15:10:56| Processing: ssl_bump bump all
2023/01/12 15:10:56| Processing: http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
2023/01/12 15:10:56| Processing: sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB
2023/01/12 15:10:56| Processing: acl upmime req_mime_type /usr/local/squid/etc/mimedeny.txt
2023/01/12 15:10:56| Processing: acl url_links url_regex /usr/local/squid/etc/linksurl.txt
2023/01/12 15:10:56| Processing: acl special_url url_regex /usr/local/squid/etc/urlspecial.txt
2023/01/12 15:10:56| Processing: acl downmime rep_mime_type /usr/local/squid/etc/mimedeny.txt
2023/01/12 15:10:56| Processing: http_reply_access allow special_url
2023/01/12 15:10:56| Processing: http_reply_access deny downmime
2023/01/12 15:10:56| Processing: acl whitelist ssl::server_name_regex /usr/local/squid/etc/urlwhite.txt
2023/01/12 15:10:56| Processing: acl activation port 80 443
2023/01/12 15:10:56| Processing: http_access allow activation whitelist
2023/01/12 15:10:56| Processing: http_access deny all
2023/01/12 15:10:56| Processing: http_access allow localnet
2023/01/12 15:10:56| Processing: http_access allow localhost
2023/01/12 15:10:56| Processing: http_access deny all
2023/01/12 15:10:56| Processing: coredump_dir /usr/local/squid/var/cache/squid
2023/01/12 15:10:56| Processing: refresh_pattern ^ftp:          1440    20%     10080
2023/01/12 15:10:56| Processing: refresh_pattern ^gopher:       1440    0%      1440
2023/01/12 15:10:56| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
2023/01/12 15:10:56| Processing: refresh_pattern .              0       20%     4320
2023/01/12 15:10:56| Processing: icap_enable on
2023/01/12 15:10:56| Processing: adaptation_uses_indirect_client on
2023/01/12 15:10:56| Processing: icap_send_client_ip on
2023/01/12 15:10:56| Processing: icap_send_client_username on
2023/01/12 15:10:56| Processing: icap_client_username_header X-Authenticated-User
2023/01/12 15:10:56| Processing: icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
2023/01/12 15:10:56| Processing: adaptation_access service_req allow all
2023/01/12 15:10:56| Processing: icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
2023/01/12 15:10:56| Processing: adaptation_access service_resp allow all
2023/01/12 15:10:56| Initializing https:// proxy context
2023/01/12 15:10:56| Initializing http_port [::]:3128 TLS contexts
2023/01/12 15:10:56| Using certificate in /usr/local/squid/etc/ssl_cert/myCA.pem
2023/01/12 15:10:56| Using certificate chain in /usr/local/squid/etc/ssl_cert/myCA.pem
2023/01/12 15:10:56| Adding issuer CA: /C=XX/L=Default City/O=Default Company Ltd
2023/01/12 15:10:56| Using key in /usr/local/squid/etc/ssl_cert/myCA.pem

acl whitelist ssl::server_name_regex /usr/local/squid/etc/urlwhite.txt

And in the URL whitelist file is adobe.com:

(^|\.)adobe.com$

But when I try to access "adobe.com" in my browser, I get the proxy access
denied page.

Can anyone shed some light, as I'm struggling to sort this out?

thanks,
rob

-- 
Regards,

Robert K Wild.
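
An added example, not part of the original post: a Python check that replays the http_access lines from the parse output above in Squid's first-match order and tests the pattern from urlwhite.txt against host names. Python's re module stands in for Squid's regex engine, and the sample host names and all function names are assumptions made for illustration.

```python
import re

# http_access lines copied, in order, from the "squid -k parse" output in the post.
HTTP_ACCESS = """\
http_access allow localhost manager
http_access deny manager
http_access allow activation whitelist
http_access deny all
http_access allow localnet
http_access allow localhost
http_access deny all
"""
WHITELIST_PATTERN = r"(^|\.)adobe.com$"   # copied from the post's urlwhite.txt
# Constructed host names (assumptions, not from the post).
SAMPLE_HOSTS = ["adobe.com", "www.adobe.com", "notadobe.com", "www.adobexcom"]

def parse_rules(text):
    """Return [(action, [acl, ...])] for each http_access line, in file order."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return rules

def acl_matches(name, matching):
    """'all' always matches; '!name' negates; otherwise look the name up."""
    if name.startswith("!"):
        return not acl_matches(name[1:], matching)
    return name == "all" or name in matching

def first_match(rules, matching):
    """ACLs on one line are ANDed; the first line that matches decides."""
    for index, (action, acls) in enumerate(rules):
        if all(acl_matches(a, matching) for a in acls):
            return index, action
    return None, None

def unreachable_rules(rules):
    """Rules listed after an unconditional 'all' rule are never evaluated."""
    for index, (_, acls) in enumerate(rules):
        if acls == ["all"]:
            return rules[index + 1:]
    return []

def hosts_matching(pattern, hosts):
    """Unanchored search, as Squid regex ACLs do; Python re is a stand-in here."""
    rx = re.compile(pattern)
    return [h for h in hosts if rx.search(h)]
```

With this rule order a request is allowed only when both `activation` and `whitelist` match; everything else stops at the first `deny all`, so the `localnet` and `localhost` rules after it are never consulted. The unescaped dot in the pattern also lets it match `www.adobexcom`.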