<div dir="ltr"><div class="gmail_quote"><div>Hi everyone,</div><br><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">I'm trying to deny all urls except for only whitelisted regular expressions. I have only this regular expression in my file "squid_sites.txt"</div><div dir="ltr"><br></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div><div><font face="monospace, monospace" size="1">^<a href="https://wiki.squid-cache.org/SquidFaq/SquidAcl.*" target="_blank">https://wiki.squid-cache.org/SquidFaq/SquidAcl.*</a></font></div></div></div></blockquote><div dir="ltr"><div dir="ltr"><br></div><div>My "squid.conf"</div><div dir="ltr"><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><br></div><div><font face="monospace, monospace" size="1">debug_options 28,7</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">###</font></div><div><font face="monospace, monospace" size="1">### Global settings define</font></div><div><font face="monospace, monospace" size="1">###</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">http_port 3128</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">###</font></div><div><font face="monospace, monospace" size="1">### Authorization rules define</font></div><div><font face="monospace, monospace" size="1">###</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">###</font></div><div><font face="monospace, monospace" size="1">### Networks define</font></div><div><font face="monospace, monospace" size="1">###</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">acl localnet src <a href="http://10.5.0.0/1" target="_blank">10.5.0.0/1</a></font></div><div><font face="monospace, monospace" size="1">acl localnet src <a href="http://172.16.0.0/16" target="_blank">172.16.0.0/16</a></font></div><div><font face="monospace, monospace" size="1">acl localnet src fc00::/7</font></div><div><font face="monospace, monospace" size="1">acl localnet src fe80::/10</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">###</font></div><div><font face="monospace, monospace" size="1">### Ports define</font></div><div><font face="monospace, monospace" size="1">###</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">acl SSL_ports port 443 # https</font></div><div><font face="monospace, monospace" size="1">acl SSL_ports port 22 # SSH</font></div><div><font face="monospace, monospace" size="1">acl Safe_ports port 80 # http</font></div><div><font face="monospace, monospace" size="1">acl Safe_ports port 443 # https</font></div><div><font face="monospace, monospace" size="1">acl Safe_ports port 22 # SSH</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">acl purge method PURGE</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">acl CONNECT method CONNECT</font></div><div><br></div><div><font face="monospace, monospace" size="1">acl bastion src <a href="http://10.5.0.0/1" target="_blank">10.5.0.0/1</a></font></div><div><font face="monospace, monospace" size="1">acl whitelist url_regex "/vagrant/squid_sites.txt"</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">###</font></div><div><font face="monospace, monospace" size="1">### Rules define</font></div><div><font face="monospace, monospace" size="1">###</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">http_access allow manager localhost</font></div><div><font face="monospace, monospace" size="1">http_access deny manager</font></div><div><font face="monospace, monospace" size="1">http_access deny !Safe_ports</font></div><div><font face="monospace, monospace" size="1">http_access allow localhost</font></div><div><font face="monospace, monospace" size="1">http_access allow purge localhost</font></div><div><font face="monospace, monospace" size="1">http_access deny purge</font></div><div><font face="monospace, monospace" size="1">http_access deny CONNECT !SSL_ports</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">http_access allow bastion whitelist</font></div><div><font face="monospace, monospace" size="1">http_access deny bastion all</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1"># http_access deny all</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">###</font></div><div><font face="monospace, monospace" size="1">### Secondary global settings define</font></div><div><font face="monospace, monospace" size="1">###</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1"># icp_access allow localnet</font></div><div><font face="monospace, monospace" size="1"># icp_access deny all</font></div><div><font face="monospace, monospace" size="1">#</font></div><div><font face="monospace, monospace" size="1"># htcp_access allow localnet</font></div><div><font face="monospace, monospace" size="1"># htcp_access deny all</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1"># Add any of your own refresh_pattern entries above these.</font></div><div><font face="monospace, monospace" size="1">access_log /var/log/squid3/access.log squid</font></div><div><font face="monospace, monospace" size="1">cache_log /var/log/squid3/cache.log squid</font></div><div><font face="monospace, monospace" size="1">cache_store_log /var/log/squid3/store.log squid</font></div><div><font face="monospace, monospace" size="1"><br></font></div><div><font face="monospace, monospace" size="1">refresh_pattern ^ftp: 1440 20% 10080</font></div><div><font face="monospace, monospace" size="1">refresh_pattern ^gopher: 1440 0% 1440</font></div><div><font face="monospace, monospace" size="1">refresh_pattern -i (/cgi-bin/|\?) 0 0% 0</font></div><div><font face="monospace, monospace" size="1">refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880</font></div><div><br></div><div><font face="monospace, monospace" size="1">coredump_dir /var/spool/squid3</font></div><div><font face="monospace, monospace" size="1">maximum_object_size 1024 MB</font></div><div><font face="monospace, monospace" size="1">cache_mem 2048 MB</font></div></blockquote></div><div dir="ltr"><br></div><div>I tried enabling debugging and tailing /var/log/squid3/cache.log but my curl statement keeps matching "all".</div><div><br></div></div></div></div></div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div><div><div><div><div><font face="monospace, monospace" size="1">$ curl -sSL --proxy localhost:3128 -D - "<a href="https://wiki.squid-cache.org/SquidFaq/SquidAcl" target="_blank">https://wiki.squid-cache.org/SquidFaq/SquidAcl</a>" -o /dev/null 2>&1 | grep Squid</font></div></div></div></div></div></div><div><div><div><div><div><div><font face="monospace, monospace" size="1">X-Squid-Error: ERR_ACCESS_DENIED 0</font></div></div></div></div></div></div></blockquote><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br></div><div>Any ideas what I'm doing wrong?</div><div><br></div><div>Thank you.</div></div></div></div></div></div></div>
</div></div>