[squid-users] Whitelist domain ignored?
Jok Thuau
jok at spikes.com
Tue Oct 4 23:16:29 UTC 2016
On Tue, Oct 4, 2016 at 1:41 PM, Jose Torres-Berrocal <jetsystemservices at gmail.com> wrote:
> I do not know the correct terms to the problem I have.
>
> I have some clients that use a program that tries to connect to:
> https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc
>
>
Note that there is nothing between "//" and "neodecksoftware.com"...
[snip]
>
> ------------------------------------------------------------
> ----------------------------------
> 1475581614.208 0 192.168.1.20 TCP_DENIED/407 3917 CONNECT
> neodecksoftware.com:443 - HIER_NONE/- text/html
> 1475582327.774 0 192.168.1.20 TCP_DENIED/407 3917 CONNECT
> neodecksoftware.com:443 - HIER_NONE/- text/html
>
>
Note that the ACL applies on that connect string. Specifically "neodecksoftware.com"
> /var/squid/acl/whitelist.acl:
>
[snip]
> .assertus.com
> .neodecksoftware.com
Your whitelist for this domain says that it has "something" followed by
that domain name...
>
> .office.net
[snip]
>
> # This file is automatically generated by pfSense
> # Do not edit manually !
>
> http_port 192.168.1.1:3128
> http_port 127.0.0.1:3128
>
[snip]
> acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
>
and your ACL refers to a regular expression...
> http_access allow manager localhost
>
[snip]
> # Always allow access to whitelist domains
> http_access allow whitelist
>
and you allow that whitelist...
In the end, your regular expression doesn't match.
"." means "any single character". You should replace that line with
something like this:
^neodecksoftware\.com
(this is untested).
Note that all your entries need adjusting as well (they may be working, but
not matching the way you think they do).
HTH,
Jok
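
An added example, not part of the original message or of Squid: a small Python audit of the quoted whitelist entries, showing why `.neodecksoftware.com`, read as an unanchored regex by `dstdom_regex`, misses the bare host from the log lines yet matches unrelated hosts. The test hosts, the helper names and the anchored replacement pattern are assumptions of this example, and Python's `re` stands in for Squid's regex engine.

```python
import re

# Entries as they appear in the quoted whitelist.acl (dstdomain-style syntax).
WHITELIST = [".assertus.com", ".neodecksoftware.com", ".office.net"]

# Constructed test hosts: the first is the CONNECT host from the quoted
# access.log lines; the others are made up to show under- and over-matching.
HOSTS = [
    "neodecksoftware.com",
    "www.neodecksoftware.com",
    "xneodecksoftware.com",
    "www.neodecksoftware-com.example",
]

def matches(pattern, host):
    """Unanchored, case-insensitive search, as with 'dstdom_regex -i'."""
    return re.search(pattern, host, re.IGNORECASE) is not None

def anchored(entry):
    """Turn a dstdomain-style entry into an anchored regex (this example's choice).

    A leading dot is read as "the domain and any subdomain"; without it,
    the exact host only. Dots in the name are escaped to match literally.
    """
    with_subdomains = entry.startswith(".")
    name = re.escape(entry.lstrip("."))
    return (r"^(.*\.)?" if with_subdomains else "^") + name + "$"

def audit(entries, hosts):
    """Return {entry: (hosts matched as written, hosts matched when anchored)}."""
    report = {}
    for entry in entries:
        raw = [h for h in hosts if matches(entry, h)]
        fixed = [h for h in hosts if matches(anchored(entry), h)]
        report[entry] = (raw, fixed)
    return report

if __name__ == "__main__":
    for entry, (raw, fixed) in audit(WHITELIST, HOSTS).items():
        print(f"{entry!r} as written matches: {raw}")
        print(f"  {anchored(entry)!r} matches: {fixed}")
```
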