<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
<tt>acl allow_urls url_regex -i
"/etc/squid/allowurls-regex-acl.squid" (a)<br>
acl block_urls url_regex -i "/etc/squid/blockurls-regex-acl.squid"
(b)<br>
acl allow_urlpaths urlpath_regex -i
"/etc/squid/allowurlpaths-regex-acl.squid" (c)<br>
acl block_urlpaths urlpath_regex -i
"/etc/squid/blockurlpaths-regex-acl.squid" (d)<br>
acl allow_domains_list dstdomain
"/etc/squid/allowdomains-list-acl.squid" (e)<br>
acl block_domains_list dstdomain
"/etc/squid/blockdomains-list-acl.squid" (f)<br>
acl block_domains_listex dstdomain
"/etc/squid/blockdomains-listex-acl.squid" (g)<br>
acl allow_domains_regex dstdom_regex -i
"/etc/squid/allowdomains-regex-acl.squid" (h)<br>
acl block_domains_regex dstdom_regex -i
"/etc/squid/blockdomains-regex-acl.squid" (i)<br>
acl block_hosts_list dst "/etc/squid/blockhosts-list-acl.squid"
(j)<br>
deny_info ERR_URL_BLOCKED block_urls<br>
deny_info ERR_URL_BLOCKED block_urlpaths<br>
deny_info ERR_DOMAIN_BLOCKED block_domains_list<br>
deny_info ERR_DOMAIN_BLOCKED block_domains_listex<br>
deny_info ERR_DOMAIN_BLOCKED block_domains_regex<br>
deny_info ERR_HOST_BLOCKED block_hosts_list<br>
http_access allow allow_urls<br>
http_access allow allow_urlpaths<br>
http_access allow allow_domains_list<br>
http_access allow allow_domains_regex<br>
http_access deny block_urls<br>
http_access deny block_urlpaths<br>
http_access deny block_domains_list<br>
http_access deny block_domains_listex<br>
http_access deny block_domains_regex<br>
http_access deny block_hosts_list<br>
</tt><br>
(a), (b) look like this:
"^http:\/\/websupport\.wdc\.com\/sfclickcount.asp\?"<br>
(c), (d) look like this: "^\/cgi-bin\/"<br>
(e), (f), (g) look like this: "<a class="moz-txt-link-abbreviated" href="http://www.googletagmanager.com">www.googletagmanager.com</a>"<br>
(h), (i) look like this: "^banner(s)?[0-9]*\."<br>
(j) looks like this: "85.17.30.143"<br>
<br>
(g) comes from a source such as
<a class="moz-txt-link-freetext" href="http://winhelp2002.mvps.org/hosts.htm">http://winhelp2002.mvps.org/hosts.htm</a><br>
<br>
On 15.10.2014 02:05, Mirza Dedic wrote:
<blockquote cite="mid:BAY181-W19CC619B2AFE9F23C165CF0AA0@phx.gbl"
type="cite">
<div>
<div>Trying to understand what I am doing wrong with my ACLs
(yes I've read the ACL guide on squid site.. but still
confused).. <span>My client is 172.16.10.101, trying to block
access to facebook (and other dstdomain file lists), but it
is not working from the client I can still access fb.</span></div>
<div><br>
</div>
<div>Is this because I have this rule below..?</div>
<div><br>
</div>
<div>acl localnet src 172.16.0.0/12</div>
<div>http_access allow localnet</div>
<div><br>
</div>
</div>
</blockquote>
yes<br>
<br>
<blockquote cite="mid:BAY181-W19CC619B2AFE9F23C165CF0AA0@phx.gbl"
type="cite">
<div>
<div>Instead of denying everything access and manually
maintaining rules, I want to allow http/https access for
everything except explicitly defined ACLs (in this case the
facebook acl as a test).</div>
<div><br>
</div>
<div>I've tried to set debugging to debug_options ALL,1 33,2 to
see more info on ACLs (read on some site this is the debug
flags to set) but I don't see any ACL details in my access.log
file.</div>
<div><br>
</div>
<div>my squid.conf (for SQUID 3.3.3) file is below..</div>
<div><br>
</div>
<div>acl localnet src 10.0.0.0/8 # RFC1918 possible internal
network</div>
<div>acl localnet src 172.16.0.0/12 # RFC1918 possible internal
network</div>
<div>acl localnet src 192.168.0.0/16 # RFC1918 possible internal
network</div>
<div><br>
</div>
<div>acl SSL_ports port 443 8180 8443 563 1494 2598 8531</div>
<div>acl Safe_ports port 80<span> </span># http</div>
<div>acl Safe_ports port 81 <span> </span># http for
Pacific Brokerage</div>
<div>acl Safe_ports port 21<span> </span># ftp</div>
<div>acl Safe_ports port 443 563<span> </span># http</div>
<div>acl Safe_ports port 70<span> </span># gopher</div>
<div>acl Safe_ports port 210<span> </span># wais</div>
<div>acl Safe_ports port 280<span> </span># http-mgmt</div>
<div>acl Safe_ports port 488<span> </span># gss-http</div>
<div>acl Safe_ports port 591<span> </span># filemaker</div>
<div>acl Safe_ports port 777<span> </span># multiling http</div>
<div>acl Safe_ports port 8080 8081 8082 8088 8180</div>
<div>acl Safe_ports port 3128 <span> </span># Squid http
server</div>
<div>acl Safe_ports port 1494 2598 <span> </span># ICA -
Citrix</div>
<div>acl Safe_ports port 7000 8000 <span> </span># Oracle</div>
<div>acl Safe_ports port 9000 <span> </span># Oracle</div>
<div>acl Safe_ports port 8530<span> </span># WSUS</div>
<div>acl Safe_ports port 55905<span> </span># WSUS</div>
<div>acl Safe_ports port 1025-65535<span> </span># unregistered
ports</div>
<div>acl CONNECT method CONNECT</div>
<div><br>
</div>
<div>http_access allow localhost manager</div>
<div>http_access deny manager</div>
<div>http_access deny !Safe_ports</div>
<div>http_access deny CONNECT !SSL_ports</div>
<div>http_access deny to_localhost</div>
<div><br>
</div>
<div><b>acl ads dstdomain "/etc/squid/blacklists/ads/domains"</b></div>
<div><b>acl adult dstdomain
"/etc/squid/blacklists/adult/domains"</b></div>
<div><b>acl gambling dstdomain
"/etc/squid/blacklists/gambling/domains"</b></div>
<div><b>acl fb dstdomain .facebook.com</b></div>
<div><br>
</div>
<div>http_access allow localnet</div>
<div>http_access allow localhost</div>
<div><br>
</div>
<div><b>http_access deny ads adult gambling fb</b></div>
<div><br>
</div>
<div>http_access deny all</div>
<div><br>
</div>
<div>http_port 8080</div>
<div>dns_nameservers 172.16.11.3 172.16.11.2 172.16.11.1</div>
<div>visible_hostname www-proxy</div>
<div><br>
</div>
<div>hierarchy_stoplist cgi-bin ?</div>
<div><br>
</div>
<div>logformat oppy %ts.%03tu %6tr %&gt;a %&gt;A %Ss/%03&gt;Hs
%&lt;st %rm %ru %[un %Sh/%&lt;a %mt</div>
<div>access_log daemon:/var/log/squid/access.log oppy</div>
<div>cache_store_log daemon:/var/log/squid/store.log</div>
<div>cache_log /var/log/squid/cache.log</div>
<div>cache_mem 64 MB</div>
<div>logfile_rotate 4</div>
<div>debug_options ALL,1</div>
<div># ACL Debug Options</div>
<div># debug_options ALL,1 33,2</div>
<div># debug_options ALL,1 33,2 28,9</div>
<div>coredump_dir /var/log/squid/squid</div>
<div><br>
</div>
<div>shutdown_lifetime 3 seconds</div>
<div>dns_v4_first on</div>
<div>retry_on_error on</div>
<div>forward_max_tries 25</div>
<div>forward_timeout 30 seconds</div>
<div>connect_timeout 30 seconds</div>
<div>read_timeout 30 seconds</div>
<div>request_timeout 30 seconds</div>
<div>persistent_request_timeout 1 minute</div>
<div><br>
</div>
<div>cache_dir ufs /var/cache/squid 100 16 256</div>
<div>cache_mgr <a class="moz-txt-link-abbreviated" href="mailto:ittechs@domain.com">ittechs@domain.com</a></div>
<div><br>
</div>
<div>snmp_port 0</div>
<div>icp_port 0</div>
<div>htcp_port 0</div>
<div><br>
</div>
<div>refresh_pattern ^ftp:<span> </span>1440<span> </span>20%<span>
</span>10080</div>
<div>refresh_pattern ^gopher:<span> </span>1440<span> </span>0%<span>
</span>1440</div>
<div>refresh_pattern -i (/cgi-bin/|\?) 0<span> </span>0%<span>
</span>0</div>
<div>refresh_pattern .<span> </span>0<span> </span>20%<span> </span>4320</div>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
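Added example (not part of the original messages): a small Python model of how Squid evaluates http_access lines, run against the rules from the quoted squid.conf. It assumes Squid's documented semantics (lines are checked top to bottom and the first matching line decides; ACL names on one line must all match), and the contents of the ads, adult and gambling lists are constructed placeholders.

```python
import ipaddress

def dstdomain(patterns):
    # A leading dot matches the domain itself and every subdomain.
    def match(req):
        host = req["host"].lower()
        return any(host == p.lstrip(".") or (p.startswith(".") and host.endswith(p))
                   for p in patterns)
    return match

def src(cidrs):
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda req: any(ipaddress.ip_address(req["src"]) in n for n in nets)

ACLS = {
    "all": lambda req: True,
    "localnet": src(["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]),
    "fb": dstdomain([".facebook.com"]),
    # Constructed stand-ins for the blacklist files named in the post.
    "ads": dstdomain([".ads.example"]),
    "adult": dstdomain([".adult.example"]),
    "gambling": dstdomain([".gambling.example"]),
}

def evaluate(rules, req):
    """Return (action, line) for the first http_access line whose ACLs all match."""
    for line in rules.strip().splitlines():
        _, action, *names = line.split()
        # ACL names on one line are ANDed; "!" negates a name.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line.strip()
    raise ValueError("rule set must end with a catch-all such as 'deny all'")

# Order as posted: the allow for localnet is reached before the deny.
AS_POSTED = """http_access allow localnet
http_access deny ads adult gambling fb
http_access deny all"""
# Moving the deny up is not enough: one host must be in all four lists.
DENY_FIRST_STILL_ANDED = """http_access deny ads adult gambling fb
http_access allow localnet
http_access deny all"""
# One deny line per list, placed before the allow.
CORRECTED = """http_access deny ads
http_access deny adult
http_access deny gambling
http_access deny fb
http_access allow localnet
http_access deny all"""
REQ = {"src": "172.16.10.101", "host": "www.facebook.com"}  # client from the post
```

Calling evaluate(AS_POSTED, REQ) returns the line that decided the request, which is a quick way to see which rule a given client and host actually hit.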
</body>
</html>