Tobias Rice wrote:
Purely a shot in the dark, but shouldn't you have http_access deny blocked just above http_access deny all? i.e.

http_access allow localhost
http_access deny !safe
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow remotes
http_access deny blocked
http_access deny all

Just guessing... I haven't used squid in years :) Good luck!
My understanding was that squid would take the first match and run with it, ignoring checks on all the others.
In that chain, the client would hit http_access allow localnet and be authorized, and squid would never see to block them.
That's just my understanding, though. I could quite easily be wrong.
Grishnav wrote:
| Hosts in blocked should be blocked, but they aren't. What am I missing?
|
| (And yes... "http_access allow remotes" is a stupid acl, but it works
| without modifying the interface software.)
|
| acl localnet src 192.168.0.0/255.255.255.0
| acl all src 0.0.0.0/0.0.0.0
| acl localhost src 127.0.0.1/255.255.255.255
| acl remotes src 192.168.0.0/255.255.0.0
| acl blocked src 102.168.0.13/255.255.255.255
|
| acl SSL_ports port 445 443 441 563
| acl safe port 80
| acl safe port 81
| acl safe port 21
| acl safe port 445 443 441 563
| acl safe port 70
| acl safe port 210
| acl safe port 1025-65535
| acl safe port 280
| acl safe port 488
| acl safe port 591
| acl safe port 777
| acl CONNECT method CONNECT
|
| http_access allow localhost
| http_access deny !safe
| http_access deny CONNECT !SSL_ports
| http_access deny blocked
| http_access allow localnet
| http_access allow remotes
| http_access deny all
|
|
| _______________________________________________
| PDXLUG mailing list
| [EMAIL PROTECTED]
| http://pdxlug.org/mailman/listinfo/pdxlug
_______________________________________________
PDXLUG mailing list
[EMAIL PROTECTED]
http://pdxlug.org/mailman/listinfo/pdxlug
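
The first-match evaluation discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of Squid's http_access processing (covering only the src, port and method ACL types used here), run over the posted rule order and the suggested one. The ACL values are copied as posted; the client 192.168.0.13 is a constructed test address.

```python
import ipaddress

# src ACLs exactly as posted in the thread (address/netmask form).
SRC = {"localhost": "127.0.0.1/255.255.255.255",
       "localnet": "192.168.0.0/255.255.255.0",
       "remotes": "192.168.0.0/255.255.0.0",
       "blocked": "102.168.0.13/255.255.255.255",
       "all": "0.0.0.0/0.0.0.0"}
SSL_PORTS = {445, 443, 441, 563}
SAFE = {80, 81, 21, 70, 210, 280, 488, 591, 777} | SSL_PORTS  # plus 1025-65535

AS_POSTED = ["http_access allow localhost",
             "http_access deny !safe",
             "http_access deny CONNECT !SSL_ports",
             "http_access deny blocked",
             "http_access allow localnet",
             "http_access allow remotes",
             "http_access deny all"]
# Suggested order from the thread: "deny blocked" moved to just above "deny all".
SUGGESTED = [r for r in AS_POSTED if r != "http_access deny blocked"]
SUGGESTED.insert(-1, "http_access deny blocked")


def acl_matches(name, client, port, method):
    """Evaluate one named ACL against a request (simplified model)."""
    if name == "safe":
        return port in SAFE or 1025 <= port <= 65535
    if name == "SSL_ports":
        return port in SSL_PORTS
    if name == "CONNECT":
        return method == "CONNECT"
    return ipaddress.ip_address(client) in ipaddress.ip_network(SRC[name], strict=False)


def evaluate(rules, client, port=80, method="GET"):
    """Return (action, line) for the first http_access line that matches."""
    for line in rules:
        _, action, *acls = line.split()
        # ACLs on one line are ANDed; a leading "!" negates that ACL.
        if all(acl_matches(a.lstrip("!"), client, port, method) != a.startswith("!")
               for a in acls):
            return action, line
    raise LookupError("no http_access line matched")


if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("suggested", SUGGESTED)):
        for client in ("102.168.0.13", "192.168.0.13"):  # second is constructed
            print(label, client, *evaluate(rules, client))
```

In the suggested order, `deny blocked` is only reached by clients that matched neither `allow localnet` nor `allow remotes`.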
