On Saturday 26 July 2003 10:10 am, Henrik Nordstrom wrote:
> On Saturday 26 July 2003 05.37, Steve Snyder wrote:
> > Well, I don't see any reason for the delay. Here's all the
> > "http_access" references I've got. Note that the logged TCP_DENIED
> > I posted previously are the result of the 2nd "http_access" in
> > this list:
> >
> > http_access deny xupiter
>
> How is xupiter defined?
These are the lines I added to the default acl/http_access rules in
squid.conf:
acl snydernet src 192.168.0.0/255.255.255.0
acl xupiter dstdomain .xupiter.com
acl imrworldwide dstdomain .imrworldwide.com
acl hotbar dstdomain .hotbar.com
http_access deny xupiter
http_access deny imrworldwide
http_access deny hotbar
http_access allow snydernet
> Do you have any http_reply_access rules?
Just the one from the default 2.5 squid.conf:
http_reply_access allow all
> Do your Squid have any add-on patches from other vendors?
No, just the Squid 2.5S3 tarball + patches. The executables are built by
RedHat Package Manager on a RHL v7.3 system (all RH patches applied) with
this config:
%configure \
--exec_prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid \
--localstatedir=/var --sysconfdir=/etc/squid \
--enable-removal-policies="heap,lru" \
--enable-storeio="aufs,coss,diskd,ufs" --enable-ssl \
--with-openssl=/usr/kerberos \
--enable-linux-netfilter \
--with-pthreads \
--enable-basic-auth-helpers="LDAP,NCSA,PAM,SMB,SASL,MSNT" \
--enable-ntlm-auth-helpers="SMB,winbind" \
--enable-external-acl-helpers="ip_user,ldap_group,unix_group,wbinfo_group,winbind_group"
\
--enable-err-languages=English
Hmmm... I just had a thought (whoa!). I am using the Adzapper
(squid_redirect) redirector. Do redirectors get a requested URL before
the access rules are applied?
Thanks for the response.
Received on Sat Jul 26 2003 - 11:35:48 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:17 MST