On 13.11.24 13:00, Piana, Josh wrote:
Is this because I'm defining the localnet and then the response rule just allows all traffic from this network?

My intention was to specify the localnet, then allow traffic from that network as it filters through all the other ACLs. So should I remove the rule entirely or change the order?

you did not allow "from that network", you have allowed traffic "to that network" because localnet is defined as "dst "
- this may cause confusion, I recommend changing this acl to "to_localnet"

I believe your problem is:

http_access allow !bad_exception_urls

- here you allowed access to anywhere except the URLs in /etc/squid/bad_exception_urls, so further http_access rules will get evaluated only if someone tried to access URLs in that file.

I guess you want to deny access to them thus use instead:

acl bad_exception_urls url_regex -i "/etc/squid/bad_exception_urls"
http_access deny bad_exception_urls


also note that url_regex rules may be very CPU intensive, you should avoid them

-----Original Message-----
From: squid-users <squid-users-boun...@lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Tuesday, November 12, 2024 11:44 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Access Log Question



12/Nov/2024:09:51:37 -0500.396 10.46.49.135 TCP_TUNNEL/200 23735 CONNECT
http://www.safgard.com:443/ - \ HIER_DIRECT/206.188.0.52 - -/-


acl localnet dst 10.0.0.0/8

...

http_access allow localnet


.. never gets here.

http_access deny !kerb-auth
http_access allow kerb-auth
http_access deny all

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Windows 2000: 640 MB ought to be enough for anybody
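
Added example, not part of the original message or of Squid itself: a minimal Python model of first-match http_access evaluation, showing why "allow !bad_exception_urls" lets the logged unauthenticated CONNECT through before the kerb-auth lines are reached. The rule order, the request dict shape and the pattern standing in for the bad_exception_urls file are assumptions; the logged request values come from the access.log line quoted in the thread.

```python
import ipaddress
import re

# Constructed stand-in for the contents of /etc/squid/bad_exception_urls.
BAD_URLS = [re.compile(r"blocked\.example", re.I)]
LOCALNET = ipaddress.ip_network("10.0.0.0/8")

# Each ACL is a predicate over a simplified request dict (assumed shape).
ACLS = {
    "localnet": lambda r: ipaddress.ip_address(r["dst_ip"]) in LOCALNET,  # dst, not src
    "bad_exception_urls": lambda r: any(p.search(r["url"]) for p in BAD_URLS),
    "kerb-auth": lambda r: r["user"] is not None,  # stands in for proxy_auth
    "all": lambda r: True,
}

def evaluate(rules, request):
    """Return (action, line) for the first http_access line whose ACLs all match."""
    for line in rules:
        action, *names = line.split()[1:]
        # "!name" matches when the ACL does not; a line needs every ACL to match.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, line
    return "deny", "(no line matched)"  # not reached: both lists end in "deny all"

TAIL = ["http_access deny !kerb-auth", "http_access allow kerb-auth", "http_access deny all"]
# Assumed order of the posted rules; the full squid.conf is not on the page.
AS_POSTED = ["http_access allow localnet", "http_access allow !bad_exception_urls"] + TAIL
SUGGESTED = ["http_access allow localnet", "http_access deny bad_exception_urls"] + TAIL

# Destination and missing user name taken from the access.log line in the thread.
LOGGED = {"url": "www.safgard.com:443", "dst_ip": "206.188.0.52", "user": None}
# Constructed request: an authenticated user asking for a listed URL.
LISTED = {"url": "http://blocked.example/", "dst_ip": "203.0.113.10", "user": "alice"}

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("suggested", SUGGESTED)):
        for label, req in (("logged", LOGGED), ("listed", LISTED)):
            print(f"{name:9} {label:6} -> {evaluate(rules, req)}")
```

In this model the posted rules also let an authenticated user reach a listed URL, because nothing before "allow kerb-auth" denies it.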