On Sunday 03 August 2003 19.17, ads squid wrote: > This is my acl code. > > #### > acl localnet src 192.168.0.0/255.255.255.0 > acl localhost src 127.0.0.1/255.255.255.255 > acl Safe_ports port 80 443 210 119 70 20 21 1025-65535 > acl CONNECT method CONNECT > acl all src 0.0.0.0/0.0.0.0 > > http_access allow localnet > http_access allow localhost
These two does not belong here... should be last, just before "deny all". http_access stops at the first matching line, anything beyond that line is ignored. > http_access deny !Safe_ports > > acl losers src 192.168.0.0/255.255.255.0 > acl 4CONN maxconn 4 > http_access deny 4CONN losers > > acl STOP1 src 192.168.0.23 > acl WORKING time MTWHF 09:30-22:38 > acl SITE dstdomain www.xyz.com > > http_access deny STOP1 WORKING SITE > http_access deny CONNECT > http_access deny all > ###### > > When I reconfigure Squid. > I get following error. > > ]# /usr/local/squid/sbin/squid -k reconfigure > 2003/08/03 22:46:44| WARNING: '192.168.0.23' is a subnetwork of > '192.168.0.23' 2003/08/03 22:46:44| WARNING: because of this > '192.168.0.23' is ignored to keep splay tree searching predictable > 2003/08/03 22:46:44| WARNING: You should probably remove > '192.168.0.23' from the ACL named 'STOP1' 2003/08/03 22:46:44| > WARNING: 'www.xyz.com' is a subdomain of 'www.xyz.com' 2003/08/03 > 22:46:44| WARNING: because of this 'www.xyz.com' is ignored to keep > splay tree searching predictable 2003/08/03 22:46:44| WARNING: You > should probably remove 'www.xyz.com' from the ACL named 'SITE' Appears you have acl definitions of STOP1 and SITE twice in your configuration file. Regards Henrik
