[squid-users] Access Log Question
Amos Jeffries
squid3 at treenet.co.nz
Wed Nov 13 22:27:34 UTC 2024
On 14/11/24 02:39, Matus UHLAR - fantomas wrote:
> On 13.11.24 13:00, Piana, Josh wrote:
>> Is this because I'm defining the localnet and then the response rule
>> just allows all traffic from this network?
>>
>> My intention was to specify the localnet, then allow traffic from that
>> network as it filters through all the other ACLs. So should I remove
>> the rule entirely or change the order?
>
> you did not allow "from that network", you have allowed traffic "to that
> network" because localnet is defined as "dst "
> - this may cause confusion, I recommend changing this acl to "to_localnet"
Ouch. Yes quite right. Thank you Matus.
>
> I believe your problem is:
>
> http_access allow !bad_exception_urls
>
> - here you allowed access to anywhere except the URLs in
> /etc/squid/bad_exception_urls, so further http_access rules will get
> evaluated only if someone tried to access URLs in that file.
>
> I guess you want to deny access to them thus use instead:
>
> acl bad_exception_urls url_regex -i "/etc/squid/bad_exception_urls"
> http_access deny bad_exception_urls
>
>
> also note that url_regex rules may be very CPU intensive, you should
> avoid them
>
Cheers
Amos
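
The first-match behaviour discussed above, modelled as an added example that is not part of the original message or of Squid itself. The ACL named blocked_ports, the final rules, the patterns and the requests are constructed stand-ins for the poster's real configuration.

```python
import re

# Constructed stand-ins for the patterns in /etc/squid/bad_exception_urls
BAD_PATTERNS = [r"badsite\.example"]

ACLS = {
    "all": lambda req: True,
    # url_regex -i: case-insensitive regex searched anywhere in the URL
    "bad_exception_urls": lambda req: any(
        re.search(p, req["url"], re.I) for p in BAD_PATTERNS),
    # Hypothetical ACL standing in for the poster's other filters
    "blocked_ports": lambda req: req["port"] not in (80, 443),
}

def acl_matches(term, req):
    """Evaluate one ACL name; a leading '!' negates it."""
    if term.startswith("!"):
        return not ACLS[term[1:]](req)
    return ACLS[term](req)

def http_access(rules, req):
    """First rule whose ACLs all match decides; returns (action, rule index)."""
    for i, (action, terms) in enumerate(rules):
        if all(acl_matches(t, req) for t in terms):
            return action, i
    # No rule matched: the opposite of the last rule's action applies
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

# Order as diagnosed in the thread: the negated allow is evaluated first
AS_POSTED = [
    ("allow", ["!bad_exception_urls"]),
    ("deny", ["blocked_ports"]),
    ("deny", ["all"]),
]
# Suggested form: deny the listed URLs, then let the later rules run
AS_SUGGESTED = [
    ("deny", ["bad_exception_urls"]),
    ("deny", ["blocked_ports"]),
    ("allow", ["all"]),  # hypothetical final rule
]

REQUESTS = [  # constructed sample requests
    {"url": "http://good.example:8081/", "port": 8081},
    {"url": "http://BadSite.example/", "port": 80},
    {"url": "http://good.example/", "port": 80},
]

def decisions(rules, requests):
    return [http_access(rules, r) for r in requests]
```

With the posted order, the request to port 8081 is allowed by rule 0 and the blocked_ports rule is never consulted; with the suggested order it reaches that rule and is denied.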