[squid-users] server_name_regex acl doesnt work anymore

robert k Wild robertkwild at gmail.com
Thu Jan 12 16:09:41 UTC 2023


I've sorted it; I had to put quotes around my file path to the URL whitelist.

On Thu, 12 Jan 2023, 15:22 robert k Wild, <robertkwild at gmail.com> wrote:

> Hi all,
>
> I have no idea why but my acl for url whitelist doesn't work anymore
>
> This is the output of my parse
>
> /usr/local/squid/sbin/squid -k parse
> 2023/01/12 15:10:56| Startup: Initializing Authentication Schemes ...
> 2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'basic'
> 2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'digest'
> 2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'negotiate'
> 2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'ntlm'
> 2023/01/12 15:10:56| Startup: Initialized Authentication.
> 2023/01/12 15:10:56| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)
> 2023/01/12 15:10:56| Processing: acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
> 2023/01/12 15:10:56| Processing: acl localnet src 10.0.0.0/8            # RFC 1918 local private network (LAN)
> 2023/01/12 15:10:56| Processing: acl localnet src 100.64.0.0/10         # RFC 6598 shared address space (CGN)
> 2023/01/12 15:10:56| Processing: acl localnet src 169.254.0.0/16        # RFC 3927 link-local (directly plugged) machines
> 2023/01/12 15:10:56| Processing: acl localnet src 172.16.0.0/12         # RFC 1918 local private network (LAN)
> 2023/01/12 15:10:56| Processing: acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
> 2023/01/12 15:10:56| Processing: acl localnet src fc00::/7              # RFC 4193 local private network range
> 2023/01/12 15:10:56| Processing: acl localnet src fe80::/10             # RFC 4291 link-local (directly plugged) machines
> 2023/01/12 15:10:56| Processing: acl SSL_ports port 443
> 2023/01/12 15:10:56| Processing: acl Safe_ports port 80         # http
> 2023/01/12 15:10:56| Processing: acl Safe_ports port 21         # ftp
> 2023/01/12 15:10:56| Processing: acl Safe_ports port 443                # https
> 2023/01/12 15:10:56| Processing: acl Safe_ports port 70         # gopher
> 2023/01/12 15:10:56| Processing: acl Safe_ports port 210                # wais
> 2023/01/12 15:10:56| Processing: acl Safe_ports port 1025-65535 # unregistered ports
> 2023/01/12 15:10:56| Processing: acl Safe_ports port 280                # http-mgmt
> 2023/01/12 15:10:56| Processing: acl Safe_ports port 488                # gss-http
> 2023/01/12 15:10:56| Processing: acl Safe_ports port 591                # filemaker
> 2023/01/12 15:10:56| Processing: acl Safe_ports port 777                # multiling http
> 2023/01/12 15:10:56| Processing: acl CONNECT method CONNECT
> 2023/01/12 15:10:56| Processing: http_access allow localhost manager
> 2023/01/12 15:10:56| Processing: http_access deny manager
> 2023/01/12 15:10:56| Processing: include /usr/local/squid/etc/squidrules.conf
> 2023/01/12 15:10:56| Processing Configuration File: /usr/local/squid/etc/squidrules.conf (depth 1)
> 2023/01/12 15:10:56| Processing: acl DiscoverSNIHost at_step SslBump1
> 2023/01/12 15:10:56| Processing: acl NoSSLIntercept ssl::server_name_regex /usr/local/squid/etc/pubkey.txt
> 2023/01/12 15:10:56| Processing: ssl_bump peek DiscoverSNIHost
> 2023/01/12 15:10:56| Processing: ssl_bump splice NoSSLIntercept
> 2023/01/12 15:10:56| Processing: ssl_bump bump all
> 2023/01/12 15:10:56| Processing: http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> 2023/01/12 15:10:56| Processing: sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB
> 2023/01/12 15:10:56| Processing: acl upmime req_mime_type /usr/local/squid/etc/mimedeny.txt
> 2023/01/12 15:10:56| Processing: acl url_links url_regex /usr/local/squid/etc/linksurl.txt
> 2023/01/12 15:10:56| Processing: acl special_url url_regex /usr/local/squid/etc/urlspecial.txt
> 2023/01/12 15:10:56| Processing: acl downmime rep_mime_type /usr/local/squid/etc/mimedeny.txt
> 2023/01/12 15:10:56| Processing: http_reply_access allow special_url
> 2023/01/12 15:10:56| Processing: http_reply_access deny downmime
> 2023/01/12 15:10:56| Processing: acl whitelist ssl::server_name_regex /usr/local/squid/etc/urlwhite.txt
> 2023/01/12 15:10:56| Processing: acl activation port 80 443
> 2023/01/12 15:10:56| Processing: http_access allow activation whitelist
> 2023/01/12 15:10:56| Processing: http_access deny all
> 2023/01/12 15:10:56| Processing: http_access allow localnet
> 2023/01/12 15:10:56| Processing: http_access allow localhost
> 2023/01/12 15:10:56| Processing: http_access deny all
> 2023/01/12 15:10:56| Processing: coredump_dir /usr/local/squid/var/cache/squid
> 2023/01/12 15:10:56| Processing: refresh_pattern ^ftp:          1440 20%     10080
> 2023/01/12 15:10:56| Processing: refresh_pattern ^gopher:       1440    0%      1440
> 2023/01/12 15:10:56| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
> 2023/01/12 15:10:56| Processing: refresh_pattern .              0 20%     4320
> 2023/01/12 15:10:56| Processing: icap_enable on
> 2023/01/12 15:10:56| Processing: adaptation_uses_indirect_client on
> 2023/01/12 15:10:56| Processing: icap_send_client_ip on
> 2023/01/12 15:10:56| Processing: icap_send_client_username on
> 2023/01/12 15:10:56| Processing: icap_client_username_header X-Authenticated-User
> 2023/01/12 15:10:56| Processing: icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
> 2023/01/12 15:10:56| Processing: adaptation_access service_req allow all
> 2023/01/12 15:10:56| Processing: icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
> 2023/01/12 15:10:56| Processing: adaptation_access service_resp allow all
> 2023/01/12 15:10:56| Initializing https:// proxy context
> 2023/01/12 15:10:56| Initializing http_port [::]:3128 TLS contexts
> 2023/01/12 15:10:56| Using certificate in /usr/local/squid/etc/ssl_cert/myCA.pem
> 2023/01/12 15:10:56| Using certificate chain in /usr/local/squid/etc/ssl_cert/myCA.pem
> 2023/01/12 15:10:56| Adding issuer CA: /C=XX/L=Default City/O=Default Company Ltd
> 2023/01/12 15:10:56| Using key in /usr/local/squid/etc/ssl_cert/myCA.pem
>
> acl whitelist ssl::server_name_regex /usr/local/squid/etc/urlwhite.txt
>
> and in the url whitelist file is adobe.com
>
> (^|\.)adobe.com$
>
> but when I try to access on my browser "adobe.com" I get the proxy access
> denied page
>
> can anyone shed some light as I'm struggling to sort this out
>
> thanks,
> rob
>
> --
> Regards,
>
> Robert K Wild.
>
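
An added example, not part of the original post or of Squid itself, illustrating the fix reported at the top of this message: in squid.conf a regex ACL reads its patterns from a file only when the path is in double quotes, and an unquoted path is compiled as a pattern in its own right. The check below flags such lines and shows what each form matches. Assumptions: Python's `re` stands in for Squid's regex engine, the ACL name `fixed` is hypothetical, and the test host names and the escaped-dot variant are constructed here.

```python
import re

# Squid ACL types whose values are regular expressions (subset relevant here).
REGEX_ACL_TYPES = {
    "ssl::server_name_regex", "url_regex", "urlpath_regex",
    "dstdom_regex", "srcdom_regex", "req_mime_type", "rep_mime_type",
}

def find_unquoted_paths(conf_text):
    """Return (line_no, acl_name, value) for regex ACLs whose value looks
    like an absolute path that is not wrapped in double quotes."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop trailing comments
        tok = line.split()
        if len(tok) < 4 or tok[0] != "acl" or tok[2] not in REGEX_ACL_TYPES:
            continue
        for value in tok[3:]:
            if value.startswith("-"):   # option such as -i
                continue
            if value.startswith("/"):   # bare path: taken as a pattern, not a file
                findings.append((no, tok[1], value))
    return findings

def matches(patterns, server_name):
    """True if any pattern matches, which is how a regex ACL decides."""
    return any(re.search(p, server_name) for p in patterns)

# Constructed sample: lines from the post plus the quoted form of the fix.
SAMPLE_CONF = '''\
acl SSL_ports port 443
acl NoSSLIntercept ssl::server_name_regex /usr/local/squid/etc/pubkey.txt
acl whitelist ssl::server_name_regex /usr/local/squid/etc/urlwhite.txt
acl fixed ssl::server_name_regex "/usr/local/squid/etc/urlwhite.txt"
'''
UNQUOTED = ["/usr/local/squid/etc/urlwhite.txt"]  # the pattern Squid sees without quotes
FROM_FILE = [r"(^|\.)adobe.com$"]                 # file content given in the post
ESCAPED = [r"(^|\.)adobe\.com$"]                  # same rule with the dot escaped

if __name__ == "__main__":
    for no, name, value in find_unquoted_paths(SAMPLE_CONF):
        print(f"line {no}: acl {name}: {value} is parsed as a regex, not a file")
    for host in ("adobe.com", "www.adobe.com", "adobexcom"):
        print(host, matches(UNQUOTED, host), matches(FROM_FILE, host),
              matches(ESCAPED, host))
```

The unquoted path never matches a server name, so `http_access allow activation whitelist` cannot fire and the request falls through to `http_access deny all`. The unescaped dot in the file's pattern also accepts names such as `adobexcom`, which the escaped form rejects.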