On Mon, Feb 05, 2007 at 11:52:50PM +0100, Henrik Nordstrom wrote:
>
> Upgrade to 2.6 and there is considerably less risk of doing so..
Ta, I'm using the OS's pre-built binary package at the moment.
>
> > http_access allow all
>
> Your problem is here... you should only allow access to your site(s).
> See the dstdomain acl.
>
$ egrep '^acl|^http_' /etc/squid/squid.conf
http_port localhost:3128
http_port twig.birch:3128
http_port branch.birch:80
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl accel_host dst 192.168.186.20/255.255.255.255
acl accel_port port 80
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
acl local-servers dstdomain .kepax.co.uk
http_access allow local-servers
http_access deny all
http_reply_access allow all
1170718788.672 344 212.20.230.11 TCP_MEM_HIT/200 2245 GET http://www.kepax.co.uk - NONE/- text/html
1170718805.802 124 212.20.230.11 TCP_DENIED/403 1368 GET http://www.squid-cache.org - NONE/- text/html
Thankyou for your help.
-- Craig Skinner | http://www.kepax.co.uk | aye-right@kepax.co.ukReceived on Mon Feb 05 2007 - 16:53:56 MST
This archive was generated by hypermail pre-2.1.9 : Thu Mar 01 2007 - 12:00:01 MST