On Tue, 24 Aug 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:
> egrep -v '^$|^#' /etc/squid.conf |grep http_access -i
> http_access allow manager localhost
> http_access deny manager
> http_access allow KIOSK KIOSK.dstdomain
Shouldn't there be a
http_access deny KIOSK
here?
If not, the KIOSK is allowed to access YAHOOMESSENGER, AOL, NONPORN and maybe more (not all your ACL names are obvious).
> http_access allow PAGING AIRMAIL
> http_access deny BLOCK.NOT.YAHOO YAHOOMESSENGER
> http_access allow YAHOOMESSENGER
> http_access deny AOL BLOCK.NOT.AOL
> http_access allow AOL
> http_access deny lab.dstdomain lab.src
> http_access allow guad.lab.src
> http_access allow LOG-ONLY-HOSTS
> http_access deny NO.NONBLOCK NONBLOCK
> http_access allow NONBLOCK
> http_access allow NONPORN
> http_access deny BLOCK
> http_access deny MIMEBLOCK
> http_access deny RESTRICTED-BROWSER
> http_access deny RESTRICTED-DOM
> http_access allow PERMITTED-HOSTS
You are aware that each allow you have above not combined with a src type acl allows everyone in the whole world access to those sites?
> http_access allow manager ADMIN-HOSTS
> http_access deny manager
These two lines can never be reached. The first should be moved up to the top, the second deleted.
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
These two should be before your very first allow rule.
> http_access deny to_localhost
Having this at the end makes no sense. Should be before where you allow access as you can not deny what you have already allowed or the reverse.
> http_access deny all
Regards
Henrik
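The ordering problems discussed in this message can be checked mechanically. The following is an added example, not part of the original mail or of Squid: a small first-match lint run over the http_access lines quoted above. It assumes ACL names are opaque (overlap between differently named ACLs is not detected) and that the guard ACLs are the three named in the quoted configuration.

```python
# Added example: first-match lint for the http_access list quoted in this thread.
RULES = """\
http_access allow manager localhost
http_access deny manager
http_access allow KIOSK KIOSK.dstdomain
http_access allow PAGING AIRMAIL
http_access deny BLOCK.NOT.YAHOO YAHOOMESSENGER
http_access allow YAHOOMESSENGER
http_access deny AOL BLOCK.NOT.AOL
http_access allow AOL
http_access deny lab.dstdomain lab.src
http_access allow guad.lab.src
http_access allow LOG-ONLY-HOSTS
http_access deny NO.NONBLOCK NONBLOCK
http_access allow NONBLOCK
http_access allow NONPORN
http_access deny BLOCK
http_access deny MIMEBLOCK
http_access deny RESTRICTED-BROWSER
http_access deny RESTRICTED-DOM
http_access allow PERMITTED-HOSTS
http_access allow manager ADMIN-HOSTS
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny all
"""

def parse(text):
    """Return (line_no, action, acl_set) per http_access line; 'all' adds no condition."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if len(words) >= 3 and words[0].lower() == "http_access":
            acls = frozenset(w for w in words[2:] if w != "all")
            rules.append((n, words[1].lower(), acls))
    return rules

def unreachable(rules):
    """Lines shadowed by an earlier rule whose ACL set is a subset of theirs."""
    return [n for i, (n, _, acls) in enumerate(rules)
            if any(prev <= acls for _, _, prev in rules[:i])]

def late_guards(rules, guards=("!Safe_ports", "!SSL_ports", "to_localhost")):
    """Deny rules on a guard ACL that come after the first allow rule."""
    first_allow = next((n for n, act, _ in rules if act == "allow"), float("inf"))
    return [n for n, act, acls in rules
            if act == "deny" and n > first_allow and acls & set(guards)]
```

On the quoted list, `unreachable` reports the second pair of manager rules and `late_guards` reports the Safe_ports, SSL_ports and to_localhost denies.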
