> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> http_access allow myAllow all  <---- becomes "http_access allow
> all" after Netfilter REDIRECT is switched back on.
> http_access deny myDeny all
> http_access allow localhost
> http_access allow intranet
> # And finally deny all other access to this proxy
> http_access deny all
Are you really sure the above is what you want?
http_access allow myAllow all
gives everyone in the whole world access to any sites matching "myAllow".
Yes, I want to allow more specific url_regex that matches myDeny, but should be allowed.
I have the firewall blocking port 3128 on the external interface, so http_access allow myAllow all is only for everybody who can access Squid on my internal interface.
I think what you want is
http_access allow localhost
http_access allow myAllow intranet
http_access deny myDeny
http_access allow intranet
I guess I'll change to http_access allow myAllow, but it still doesn't fix the issue. URLs matching myDeny but not myAllow are going through - i.e. 200
Regarding the Netfilter issue, what do you get in access.log?
1055808450.646 10 10.1.0.100 TCP_IMS_HIT/304 200 GET http://global.msads.net/ads/PROHO3/00292SI0005_D1.gif - NONE/- image/gif
But I have "/ads/" url_regex in myDeny ACL and no url_regex that would match the above in myAllow.
