"Jacob S." wrote:

> acl unblockedsites url_regex -i "/etc/squid/unblock.txt"
> acl blockedsites url_regex -i "/etc/squid/block.txt"
> acl semiblock url_regex -i "/etc/squid/semiblock.txt"
>
> http_access deny semiblock
> http_access deny blockedsites !unblockedsites
> # I want access to "unblockedsites", but not "blockedsites".
> # If I put ".something.tld" in unblockedsites, I can't block
> # "c.something.tld" in blockedsites, so I use semiblock instead.
>
> http_access deny all !unblockedsites
> # If it can't be accessed through the first two, then it should be
> # blocked.
>
> I guess I could probably just use
> http_access deny semiblock
> http_access deny all !unblockedsites
> but I have thoughts of custom error messages in the future, so I think
> it could be helpful to know the difference between explicit blocks and
> blocks that are simply because they're not on the unblock list.
>
> With the current acl setup, and debug_options set to "ALL,1 33,2",
> trying to go to www.joker.com from my browser yields the following
> result in cache.log:
>
> 2003/03/16 00:02:02| The request CONNECT joker.com:443 is DENIED,
> because it matched 'unblockedsites'

With your setup this is either

  http_access deny blockedsites !unblockedsites

or

  http_access deny !unblockedsites

> If I add the line "joker.com" in unblock.txt, I see nothing in the log
> and am able to access it. Yet I already have ".joker.com" in unblock.txt
> so it seems it should still be allowed, according to the FAQ.

If you have .joker.com then adding joker.com should not make any
difference, and in fact can make your acl unreliable as the two overlap.
"squid -k parse" should warn you if you attempt such a configuration.

> Any more suggestions?

If "squid -k parse" does not warn you when you have both .joker.com and
joker.com then double-check the definition of .joker.com. Maybe there is
some odd character around .joker.com which makes Squid misunderstand the
definition.

Other than this, try upgrading to Squid-2.5, the currently supported Squid
version. Squid-2.4 is no longer maintained by the Squid developers as
Squid-2.5 is the current STABLE release.

Only at most three releases are maintained by the Squid developers:

* the current STABLE release for production use, currently Squid-2.5.
* PRE releases of the next major Squid release for testing purposes.
  Currently none.
* DEVEL snapshots of the current development sources for people who
  develop Squid. Currently this is what will become Squid-3.0.

Regards
Henrik
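
The two checks suggested in the reply above (overlapping entries, and odd characters around an entry) can be run over a list file before it is loaded. This is an added example, not part of the original thread or of Squid; it assumes domain-style entries where a leading dot covers the domain and its subdomains, and `audit_acl_list` and the sample data are hypothetical.

```python
import unicodedata

# Constructed sample list (not the thread's real files): line 3 ends in a
# no-break space, line 4 ends in a carriage return from DOS line endings.
SAMPLE = ".joker.com\njoker.com\n.example.org\u00a0\nc.something.tld\r\n"

def audit_acl_list(text):
    """Return (lineno, kind, detail) findings for a domain-style ACL list."""
    findings, entries = [], {}
    for lineno, line in enumerate(text.split("\n"), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        # Flag every character that is not an ASCII letter, digit, dot or hyphen.
        odd = {c for c in line if not (c.isascii() and (c.isalnum() or c in ".-"))}
        if odd:
            names = sorted(unicodedata.name(c, f"U+{ord(c):04X}") for c in odd)
            findings.append((lineno, "odd-char", ", ".join(names)))
        cleaned = "".join(c for c in line if c not in odd).lower()
        entries.setdefault(cleaned, lineno)
    # Assumption: a leading-dot entry covers the domain itself and every
    # subdomain, so any other entry at or below that domain overlaps with it.
    wildcards = [e for e in entries if e.startswith(".")]
    for entry, lineno in entries.items():
        host = entry.lstrip(".")
        for w in wildcards:
            if entry != w and (host == w[1:] or host.endswith(w)):
                findings.append((lineno, "overlap",
                                 f"{entry} is covered by {w} (line {entries[w]})"))
    return findings

if __name__ == "__main__":
    for lineno, kind, detail in audit_acl_list(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```

Invisible characters are reported by Unicode name or code point, so a stray carriage return or no-break space after an entry shows up even though it cannot be seen in an editor.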
