On Sat, 15 Mar 2003 09:30:51 +0100 Henrik Nordstrom <[EMAIL PROTECTED]> wrote:
> "Jacob S." wrote: > > > Hello, > > > > Just a simple "acl unblockedsites url_regex -i > > "/etc/squid/unblock.txt"" > > > > There are other acls that could interfere but I've already checked > > and joker.com's not listed in any except for the "unblock.txt" file. > > Configuration's working great for all the other sites so far. > > See the Squid FAQ on how to debug access controls. > > Regards > Henrik Very helpful information from both the FAQ and the output of "debug_options ALL,1 33,2" in cache.log. I'm afraid I still can't crack the case though. Probably not the most efficient, but here's the full acls and how I'm applying them to only allow the desired sites along with my reasoning for how they're implemented: acl unblockedsites url_regex -i "/etc/squid/unblock.txt" acl blockedsites url_regex -i "/etc/squid/block.txt" acl semiblock url_regex -i "/etc/squid/semiblock.txt" http_access deny semiblock http_access deny blockedsites !unblockedsites # I want access to "unblockedsites", but not "blockedsites". # If I put ".something.tld" in unblockedsites, I can't block # "c.something.tld" in blockedsites, so I use semiblock instead. http_access deny all !unblockedsites # If it can't be accessed through the first two, then it should be # blocked. I guess I could probably just use http_access deny semiblock http_access deny all !unblockedsites but I have thoughts of custom error messages in the future, so I think it could be helpful to know the difference between explicit blocks and blocks that are simply because they're not on the unblock list. With the current acl setup, and debug_options set to "ALL,1 33,2", trying to go to www.joker.com from my browser yields the following result in cache.log: 2003/03/16 00:02:02| The request CONNECT joker.com:443 is DENIED, because it matched 'unblockedsites' If I add the line "joker.com" in unblock.txt, I see nothing in the log and am able to access it. Yet I already have ".joker.com" in unblock.txt so it seems it should still be allowed, according to the FAQ. Any more suggestions? Thanks, Jacob ----- GnuPG Key: 1024D/16377135 In a world without fences, who needs Gates? http://www.linux.org/
