<div dir="ltr">hi all,<div><br></div><div>i have no idea why but my acl for url whitelist doesnt work anymore</div><div><br></div><div>this is the output of my parse </div><div><br></div><div>/usr/local/squid/sbin/squid -k parse<br>2023/01/12 15:10:56| Startup: Initializing Authentication Schemes ...<br>2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'basic'<br>2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'digest'<br>2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'negotiate'<br>2023/01/12 15:10:56| Startup: Initialized Authentication Scheme 'ntlm'<br>2023/01/12 15:10:56| Startup: Initialized Authentication.<br>2023/01/12 15:10:56| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)<br>2023/01/12 15:10:56| Processing: acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)<br>2023/01/12 15:10:56| Processing: acl localnet src <a href="http://10.0.0.0/8">10.0.0.0/8</a>            # RFC 1918 local private network (LAN)<br>2023/01/12 15:10:56| Processing: acl localnet src <a href="http://100.64.0.0/10">100.64.0.0/10</a>         # RFC 6598 shared address space (CGN)<br>2023/01/12 15:10:56| Processing: acl localnet src <a href="http://169.254.0.0/16">169.254.0.0/16</a>        # RFC 3927 link-local (directly plugged) machines<br>2023/01/12 15:10:56| Processing: acl localnet src <a href="http://172.16.0.0/12">172.16.0.0/12</a>         # RFC 1918 local private network (LAN)<br>2023/01/12 15:10:56| Processing: acl localnet src <a href="http://192.168.0.0/16">192.168.0.0/16</a>                # RFC 1918 local private network (LAN)<br>2023/01/12 15:10:56| Processing: acl localnet src fc00::/7              # RFC 4193 local private network range<br>2023/01/12 15:10:56| Processing: acl localnet src fe80::/10             # RFC 4291 link-local (directly plugged) machines<br>2023/01/12 15:10:56| Processing: acl SSL_ports port 443<br>2023/01/12 15:10:56| Processing: acl Safe_ports port 80         # http<br>2023/01/12 15:10:56| Processing: acl Safe_ports port 21         # ftp<br>2023/01/12 15:10:56| Processing: acl Safe_ports port 443                # https<br>2023/01/12 15:10:56| Processing: acl Safe_ports port 70         # gopher<br>2023/01/12 15:10:56| Processing: acl Safe_ports port 210                # wais<br>2023/01/12 15:10:56| Processing: acl Safe_ports port 1025-65535 # unregistered ports<br>2023/01/12 15:10:56| Processing: acl Safe_ports port 280                # http-mgmt<br>2023/01/12 15:10:56| Processing: acl Safe_ports port 488                # gss-http<br>2023/01/12 15:10:56| Processing: acl Safe_ports port 591                # filemaker<br>2023/01/12 15:10:56| Processing: acl Safe_ports port 777                # multiling http<br>2023/01/12 15:10:56| Processing: acl CONNECT method CONNECT<br>2023/01/12 15:10:56| Processing: http_access allow localhost manager<br>2023/01/12 15:10:56| Processing: http_access deny manager<br>2023/01/12 15:10:56| Processing: include /usr/local/squid/etc/squidrules.conf<br>2023/01/12 15:10:56| Processing Configuration File: /usr/local/squid/etc/squidrules.conf (depth 1)<br>2023/01/12 15:10:56| Processing: acl DiscoverSNIHost at_step SslBump1<br>2023/01/12 15:10:56| Processing: acl NoSSLIntercept ssl::server_name_regex /usr/local/squid/etc/pubkey.txt<br>2023/01/12 15:10:56| Processing: ssl_bump peek DiscoverSNIHost<br>2023/01/12 15:10:56| Processing: ssl_bump splice NoSSLIntercept<br>2023/01/12 15:10:56| Processing: ssl_bump bump all<br>2023/01/12 15:10:56| Processing: http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB<br>2023/01/12 15:10:56| Processing: sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB<br>2023/01/12 15:10:56| Processing: acl upmime req_mime_type /usr/local/squid/etc/mimedeny.txt<br>2023/01/12 15:10:56| Processing: acl url_links url_regex /usr/local/squid/etc/linksurl.txt<br>2023/01/12 15:10:56| Processing: acl special_url url_regex /usr/local/squid/etc/urlspecial.txt<br>2023/01/12 15:10:56| Processing: acl downmime rep_mime_type /usr/local/squid/etc/mimedeny.txt<br>2023/01/12 15:10:56| Processing: http_reply_access allow special_url<br>2023/01/12 15:10:56| Processing: http_reply_access deny downmime<br>2023/01/12 15:10:56| Processing: acl whitelist ssl::server_name_regex /usr/local/squid/etc/urlwhite.txt<br>2023/01/12 15:10:56| Processing: acl activation port 80 443<br>2023/01/12 15:10:56| Processing: http_access allow activation whitelist<br>2023/01/12 15:10:56| Processing: http_access deny all<br>2023/01/12 15:10:56| Processing: http_access allow localnet<br>2023/01/12 15:10:56| Processing: http_access allow localhost<br>2023/01/12 15:10:56| Processing: http_access deny all<br>2023/01/12 15:10:56| Processing: coredump_dir /usr/local/squid/var/cache/squid<br>2023/01/12 15:10:56| Processing: refresh_pattern ^ftp:          1440    20%     10080<br>2023/01/12 15:10:56| Processing: refresh_pattern ^gopher:       1440    0%      1440<br>2023/01/12 15:10:56| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%      0<br>2023/01/12 15:10:56| Processing: refresh_pattern .              0       20%     4320<br>2023/01/12 15:10:56| Processing: icap_enable on<br>2023/01/12 15:10:56| Processing: adaptation_uses_indirect_client on<br>2023/01/12 15:10:56| Processing: icap_send_client_ip on<br>2023/01/12 15:10:56| Processing: icap_send_client_username on<br>2023/01/12 15:10:56| Processing: icap_client_username_header X-Authenticated-User<br>2023/01/12 15:10:56| Processing: icap_service service_req reqmod_precache bypass=0 icap://<a href="http://127.0.0.1:1344/squidclamav">127.0.0.1:1344/squidclamav</a><br>2023/01/12 15:10:56| Processing: adaptation_access service_req allow all<br>2023/01/12 15:10:56| Processing: icap_service service_resp respmod_precache bypass=0 icap://<a href="http://127.0.0.1:1344/squidclamav">127.0.0.1:1344/squidclamav</a><br>2023/01/12 15:10:56| Processing: adaptation_access service_resp allow all<br>2023/01/12 15:10:56| Initializing https:// proxy context<br>2023/01/12 15:10:56| Initializing http_port [::]:3128 TLS contexts<br>2023/01/12 15:10:56| Using certificate in /usr/local/squid/etc/ssl_cert/myCA.pem<br>2023/01/12 15:10:56| Using certificate chain in /usr/local/squid/etc/ssl_cert/myCA.pem<br>2023/01/12 15:10:56| Adding issuer CA: /C=XX/L=Default City/O=Default Company Ltd<br>2023/01/12 15:10:56| Using key in /usr/local/squid/etc/ssl_cert/myCA.pem</div><div><br></div><div>acl whitelist ssl::server_name_regex /usr/local/squid/etc/urlwhite.txt<br></div><div><br></div><div>and in the url whitelist file is <a href="http://adobe.com">adobe.com</a></div><div><br></div><div>(^|\.)<a href="http://adobe.com">adobe.com</a>$</div><div><br></div><div>but when i try to access on my browser "<a href="http://adobe.com">adobe.com</a>" i get the proxy access denied page</div><div><br></div><div>can anyone shed some light as im struggling to sort this out<br><div><br></div><div>thanks,</div><div>rob<br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Regards, <br><br>Robert K Wild.<br></div></div></div></div></div>