[squid-users] Access Log Question
Matus UHLAR - fantomas
uhlar at fantomas.sk
Wed Nov 13 13:39:57 UTC 2024
On 13.11.24 13:00, Piana, Josh wrote:
> Is this because I'm defining the localnet and then the response rule just
> allows all traffic from this network?
>
> My intention was to specify the localnet, then allow traffic from that
> network as it filters through all the other ACLs. So should I remove the
> rule entirely or change the order?

You did not allow "from that network", you have allowed traffic "to that
network" because localnet is defined as "dst "
- this may cause confusion, I recommend changing this acl to "to_localnet"

I believe your problem is:

http_access allow !bad_exception_urls

- here you allowed access to anywhere except the URLs in
/etc/squid/bad_exception_urls, so further http_access rules will get
evaluated only if someone tried to access URLs in that file.

I guess you want to deny access to them thus use instead:

acl bad_exception_urls url_regex -i "/etc/squid/bad_exception_urls"
http_access deny bad_exception_urls

Also note that url_regex rules may be very CPU intensive, you should avoid
them

>-----Original Message-----
>From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
>Sent: Tuesday, November 12, 2024 11:44 PM
>To: squid-users at lists.squid-cache.org
>Subject: Re: [squid-users] Access Log Question
>
>12/Nov/2024:09:51:37 -0500.396 10.46.49.135 TCP_TUNNEL/200 23735 CONNECT
>http://www.safgard.com:443/ - \ HIER_DIRECT/206.188.0.52 - -/-
>
>
>> acl localnet dst 10.0.0.0/8
>
>...
>
>> http_access allow localnet
>>
>
>.. never gets here.
>
>> http_access deny !kerb-auth
>> http_access allow kerb-auth
>> http_access deny all
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Windows 2000: 640 MB ought to be enough for anybody
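
The rule ordering discussed in this reply, as an added example (not part of the original message and not Squid code): a reduced Python model of first-match http_access evaluation. The pattern blocked.example, both sample requests, the boolean standing in for Kerberos authentication and the assumption that the logged CONNECT carried no credentials are constructed; the dst ACL is named to_localnet as suggested above.

```python
import ipaddress
import re

# Constructed stand-in for the contents of /etc/squid/bad_exception_urls.
BAD_URL_PATTERNS = [r"blocked\.example"]

# ACL name -> predicate over a request. kerb-auth is reduced to a flag (assumption).
ACLS = {
    "all": lambda r: True,
    "to_localnet": lambda r: ipaddress.ip_address(r["dst"])
    in ipaddress.ip_network("10.0.0.0/8"),
    "bad_exception_urls": lambda r: any(
        re.search(p, r["url"], re.I) for p in BAD_URL_PATTERNS),
    "kerb-auth": lambda r: r["authenticated"],
}

# http_access lines in the order quoted in the thread, then with the first rule fixed.
ORIGINAL = ["allow !bad_exception_urls", "allow to_localnet",
            "deny !kerb-auth", "allow kerb-auth", "deny all"]
CORRECTED = ["deny bad_exception_urls"] + ORIGINAL[1:]

def acl_matches(token, request):
    """Evaluate one ACL name, honouring a leading '!' negation."""
    negate = token.startswith("!")
    return ACLS[token.lstrip("!")](request) != negate

def http_access(rules, request):
    """Return (action, rule) for the first rule whose ACLs all match."""
    for rule in rules:
        action, *tokens = rule.split()
        if all(acl_matches(t, request) for t in tokens):
            return action, rule
    # No rule matched: Squid applies the opposite of the last rule's action.
    last = rules[-1].split()[0]
    return ("deny" if last == "allow" else "allow"), None

# Constructed requests: one modelled on the logged CONNECT, one for a listed URL.
logged = {"url": "www.safgard.com:443", "dst": "206.188.0.52",
          "authenticated": False}
blocked = {"url": "http://blocked.example/", "dst": "203.0.113.7",
           "authenticated": True}

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("corrected", CORRECTED)):
        for req in (logged, blocked):
            print(name, req["url"], http_access(rules, req))
```

In this model the original order lets the unauthenticated CONNECT through on the first rule and still allows an authenticated request for a listed URL via "allow kerb-auth"; the corrected order denies both.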