[squid-users] ACL matches when it shouldn't
Amos Jeffries
squid3 at treenet.co.nz
Tue Sep 29 14:08:38 UTC 2020
On 30/09/20 2:27 am, Vieri wrote:
> Hi,
>
> I have a url_regex ACL loaded with this file:
>
> https://drive.google.com/file/d/1C5aZqPfMD3qlVP8zvm67c9ZnXUfz-cEW/view?usp=sharing
>
> Then I have an access denial like so:
>
> http_access deny bad_dst_urls
>
> Problem is that I am not expecting to block, eg. https://www.google.com, but I am.
> I know it's this ACL because if I remove the htttp_access deny line above, the browser can access just fine.
>
> I've been looking around this file for possible matches for google.com, but there shouldn't be.
None of the file entries are anchored regex. So any one of them could match.
>
> Can anyone please let me know if there's a match, or how to enable debugging to see which record in this ACL is actually triggering the denial?
To do that we will need to see the complete and exact URL which is being
blocked incorrectly.
NP: a large number of that files entries can be far more efficiently
blocked using the dstdomain ACL type. For example:
acl blacklist dstdomain .appspot.com
Amos
More information about the squid-users
mailing list