[squid-users] Squid3 config on Ubuntu remains even after uninstall and ignore the new config

Efe merhabakendim at gmail.com
Mon Nov 10 16:12:23 UTC 2014


It's the websites i want to block & unblock occasionaly as in:
squid.conf:
    acl myrule dstdom_regex "/etc/squid3/domainblock.txt"
    http_access deny myrule

where domainblock.txt is

    someaddress.com
    blockthis.net

Now whenever i enter someaddress.com url & hit enter, it (squid or
something on the network level) redirects to the localhost page. That's
fine as long as i want to restrict access to that website.

Problem is, changing config "http_access allow myrule" and reconfiguring,
parsing and restarting squid and then the computer does not change
anything, i.e i still cant access someaddress.com. Removed the settings
from config, no luck again.

As i said, iptables is empty. So what might be the reason then?



On Mon, Nov 10, 2014 at 5:45 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/11/2014 2:58 a.m., Efe wrote:
> > Thank you for your reply. I've managed to retrieve uncommented
> > config lines:
> >
> > $ grep -P '^\s*\w' /etc/squid3/squid.conf
> >
> > acl localnet src 192.168.0.101  # RFC1918 possible internal
> > network acl SSL_ports port 443 acl Safe_ports port 80      # http
> > acl Safe_ports port 21      # ftp acl Safe_ports port 443     #
> > https acl Safe_ports port 70      # gopher acl Safe_ports port 210
> > # wais acl Safe_ports port 1025-65535  # unregistered ports acl
> > Safe_ports port 280     # http-mgmt acl Safe_ports port 488     #
> > gss-http acl Safe_ports port 591     # filemaker acl Safe_ports
> > port 777     # multiling http acl CONNECT method CONNECT
> > http_access deny !Safe_ports http_access deny CONNECT !SSL_ports
> > acl myrule dstdom_regex "/etc/squid3/domainblock.txt" http_access
> > allow myrule cache deny all http_access allow localhost manager
> > http_access deny manager acl Purge method PURGE http_access deny
> > Purge http_access allow localhost http_port 3128 coredump_dir
> > /var/spool/squid3 refresh_pattern ^ftp:       1440    20% 10080
> > refresh_pattern ^gopher:    1440    0%  1440 refresh_pattern -i
> > (/cgi-bin/|\?) 0 0%  0 refresh_pattern (Release|Packages(.gz)*)$
> > 0       20%     2880 refresh_pattern .       0   20% 4320
> >
> > If helps, iptables is empty and netstat status is $ sudo netstat
> > -nltp | grep squid tcp6       0      0 :::3128
> > :::* LISTEN      20292/(squid-1)
> >
> > Version info: $ sudo apt-cache policy squid3 squid3: Installed:
> > 3.3.8-1ubuntu6.1 Candidate: 3.3.8-1ubuntu6.1 Version table: ***
> > 3.3.8-1ubuntu6.1 0 500 http://archive.ubuntu.com/ubuntu/
> > trusty-updates/main i386 Packages 500
> > http://archive.ubuntu.com/ubuntu/ trusty-security/main i386
> > Packages 100 /var/lib/dpkg/status 3.3.8-1ubuntu6 0 500
> > http://archive.ubuntu.com/ubuntu/ trusty/main i386 Packages
> >
> > Proof that squid is running: $ ps ax | grep squid 20290 ?        Ss
> > 0:00 squid3 20292 ?        S      0:06 (squid-1) 31535 ?        S
> > 0:00 (logfile-daemon) /var/log/squid3/access.log 31720 pts/28   S+
> > 0:00 grep --color=auto squid
> >
> > Maybe i used the wrong terminology as "redirect". B/c whenever the
> > website in the blocklist is called, localhost page of my LAMP shows
> > up.
> >
> > So, what i want to achieve in the end is blocking and sometimes
> > unblocking a list of websites based on their domain name. Problem
> > is even the config is changed to "http_access allow myrule" it
> > doesnt reflect allow/deny options accordingly anymore. At this
> > moment, the websites in the list are still non-accessible.
> >
>
> Let me guess,  you are testing this with a browser URL
> http://192.168.whatever:3128/ or even just http://192.168.whatever/
> and it shows your LAMP server page?
>
> You seem to have missed out all the bits of the setup which make the
> browser use the proxy rather than just connecting directly to Apache
> in the LAMP stack.
> You may need to read through this:
>  http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers
>
> Amos
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
>
> iQEcBAEBAgAGBQJUYN2bAAoJELJo5wb/XPRj5VMIANLLVIb8kjqk5BiycDBAH1MR
> 5qA896B3hhcoVEgFIH2lxSzFVBXJBFSwcjXnZN9nkqf5b7/t6k58hY3+56+UfZSF
> xO7tHOy/mvtCNA+ol7JlyVz+MvgaKMRqzXdAnJdP3OrhQ4g75WfGKCxoCBBwPNgU
> 5gD7rSSQq8PpD0uBNuHV8SDwwKkYaoYtoqAs1OWD5p+WbyAylYZB7cJKKgex1+d9
> nPqGIlaRLaWRJzcTDFUW0C3B0zIggIv5GRNsO50gqqQZ0Xb9F3Iy5aDOwyiyiCYn
> LmlRADaoqf4MWfBh+nmmufcwUcfsAGknI7tStk3dXCzNQNA9O2gy3e7s+H+7Poo=
> =A5vS
> -----END PGP SIGNATURE-----
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141110/ac9f8f4e/attachment-0001.html>


More information about the squid-users mailing list