Re: [squid-users] blocking all destination domain except "www.bloomberg.com" and "www.bloomberg.de" .

[Prabu Subroto]

Wow.... You are right my friend. How could you know
that I should use "255.255.255.255" ? Good...

But why does my squid still not block the user
"sales"?
The "sales" user can still visit the sites out of
"www.bloomberg.de" and "www.bloomberg.com" ?

Please tell me.

Here is the important lines I have :
"
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl sales src 192.168.23.240-192.168.23.254/32
acl AllDomain dst 0.0.0.0/0.0.0.0
acl AllowedDomain dstdomain .bloomberg.com
.bloomberg.de
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
#Default:
#http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM
YOUR CLIENTS
#
# And finally deny all other access to this proxy
http_access allow localhost
acl password proxy_auth REQUIRED
#http_access allow all
http_access allow password
http_access allow sales AllowedDomain
http_access deny sales AllDomain
"
--- Ilker Gokhan <[EMAIL PROTECTED]> wrote:
> Prabu Subroto wrote:
> > Thank you my friend,
> > 
> > but why does it not block the access ? The "sales"
> > still can visit other sites not only
> "bloomberg.com"
> > and "bloomberg.de".
> > 
> > I got this messages if I shutdown my squid server
> :
> > "
> > transistor:~ # rcsquid stop
> > Shutting down WWW-proxy squid 2003/02/03 12:59:29|
> > aclParseIpData: WARNING: Netm                     
>    
> >                              ask masks away part
> of
> > the specified IP in
> > '192.168.23.240-192.168.23.254/255.25             
>    
> >                                      5.255.0'
> > 2003/02/03 12:59:29| squid.conf line 1465:
> http_access
> > allow sales AllowedDomain
> > 2003/02/03 12:59:29| aclParseAccessLine: ACL name
> > 'sales' not found.
> > 2003/02/03 12:59:29| squid.conf line 1466:
> http_access
> > deny sales AllDomain
> > 2003/02/03 12:59:29| aclParseAccessLine: ACL name
> > 'sales' not found.
> 
> use /32 (host mode) instead of c class (network
> mode-255.255.255.0) mask.
> 
> 
> Regards,
> Ilker G.
> 


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com