Hello Ma.Teo (aka: Loop),
One, when using "dstdomain", I would recommend using a domain reference and not a host reference.
A domain reference for LavaSoft would be like: .lavasoftusa.com
A host reference, like what you used, is: www.lavasoftusa.com
Hopefully what you've shown in your last message is only a fragment of your complete Squid configuration; if not, you are missing many things.
In your last message, the segment you state works is not even using any control for the site "www.lavasoftusa.com". The acl you defined is not used.
Why the second set of configuration syntax does not work, I am not sure. A more complete squid.conf would be:
===================================================================================
# ----------------------------------------------------------------------
http_port 10.1.0.10:8080
# ----------------------------------------------------------------------
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_effective_user squid
cache_dir ufs C:/squid/var 100 16 256
cache_access_log C:/squid/var/access.log
cache_log C:/squid/var/cache.log
cache_store_log C:/squid/var/store.log
cache_mgr [EMAIL PROTECTED]
#
cachemgr_passwd password 5min
cachemgr_passwd password 60min
cachemgr_passwd password asndb
cachemgr_passwd password authenticator
cachemgr_passwd password cbdata
cachemgr_passwd password client_list
cachemgr_passwd password comm_incoming
cachemgr_passwd password config *
cachemgr_passwd password counters
cachemgr_passwd password delay
cachemgr_passwd password digest_stats
cachemgr_passwd password dns
cachemgr_passwd password events
cachemgr_passwd password filedescriptors
cachemgr_passwd password fqdncache
cachemgr_passwd password histograms
cachemgr_passwd password http_headers
cachemgr_passwd password info
cachemgr_passwd password io
cachemgr_passwd password ipcache
cachemgr_passwd password mem
cachemgr_passwd password menu
cachemgr_passwd password netdb
cachemgr_passwd password non_peers
cachemgr_passwd password objects
cachemgr_passwd password pconn
cachemgr_passwd password peer_select
cachemgr_passwd password redirector
cachemgr_passwd password refresh
cachemgr_passwd password server_list
# cachemgr_passwd password shutdown *
cachemgr_passwd password store_digest
cachemgr_passwd password storedir
cachemgr_passwd password utilization
cachemgr_passwd password via_headers
cachemgr_passwd password vm_objects
# ----------------------------------------------------------------------
auth_param basic program C:/squid/libexec/squid_ldap_auth.exe -h ldap.adinet.com.uy -p 389 -P -b o=adinet -f "(uid=%s)"
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 minute
external_acl_type ldap_group %LOGIN C:/squid/libexec/squid_ldap_group.exe -h ldap.adinet.com.uy -p 389 -P -b o=adinet -F "(uid=%s)" -f "(&(cn=%g)(uniquemember=%u)(objectClass=groupOfUniqueNames))"
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# ----------------------------------------------------------------------
# Default Squid ACL's
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 21
acl Safe_ports port 70
acl Safe_ports port 80
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 443 563
acl Safe_ports port 591
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
# ----------------------------------------------------------------------
# KCL Defined ACL's and http_access definitions.
acl kcl_users proxy_auth REQUIRED
acl kcl_networks src 10.1.0.0/16
acl dmz_networks src 100.200.10.46/28
# LDAP group acl definitions.
#
# Proxy
acl proxy_groups external ldap_group proxy proxy_a proxy_b proxy_c
http_access allow manager localhost
http_access allow manager kcl_networks
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# ----------------------------------------------------------------------
# Note, deny rules must exist before any allow rules.
#
acl no_kazaa dstdomain .kazaa.com
acl no_puretracks dstdomain .puretracks.com
http_access deny no_kazaa
http_access deny no_puretracks
#
# Open access web addresses.
#
acl open_lavasoft_de_edgesuite_net dstdomain .lavasoft.de.edgesuite.net
http_access allow kcl_networks open_lavasoft_de_edgesuite_net
# ----------------------------------------------------------------------
# Allow all proxy users to all web addresses.
#
http_access allow kcl_networks proxy_groups
# ----------------------------------------------------------------------
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
# ----------------------------------------------------------------------
coredump_dir C:/squid/var
===================================================================================
Note, this example is from a SquidNT installation. The paths for log files, data stores, and external helpers would need to be adjusted for a UNIX (LINUX) deployment.
Tim
-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer
Komatsu Canada Limited        Ph#: 905-625-6292 x265
1725B Sismet Road             Fax: 905-625-6348
Mississauga, Canada           E-Mail: [EMAIL PROTECTED]
L4W 1P9
-----------------------------------------------------------
loop wrote:
TIM:
If I put this:
acl localnet src 10.1.0.0/16
acl lavasoft dstdomain www.lavasoftusa.com
http_access allow localnet
The AD-AWARE does work fine, but if I put this (your proposal):
acl localnet src 10.1.0.0/16
acl lavasoft dstdomain www.lavasoftusa.com
http_access allow localnet lavasoft
The AD-AWARE does not work. Why? Because with the first setup (without the "lavasoft" parameter) I permit all "localnet" without authentication.
What can I do?
loop.-
----- Original Message -----
From: "Tim Neto" <[EMAIL PROTECTED]>
To: "loop" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, December 10, 2004 1:28 PM
Subject: Re: [squid-users] ADWARE
Hello,
Are you using authentication with your Squid proxying? If so, use an acl and an http_access to allow unauthenticated access to LavaSoft's update site. Like:
acl open_lavasoft_de_edgesuite_net dstdomain .lavasoft.de.edgesuite.net
and
http_access allow mynetworks open_lavasoft_de_edgesuite_net
Tim
-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer
Komatsu Canada Limited        Ph#: 905-625-6292 x265
1725B Sismet Road             Fax: 905-625-6348
Mississauga, Canada           E-Mail: [EMAIL PROTECTED]
L4W 1P9
-----------------------------------------------------------
loop wrote:
Sorry the software name is: AD-AWARE of LAVASOFT.
loop.-
----- Original Message -----
From: "loop" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 10, 2004 2:04 PM
Subject: [squid-users] ADWARE
HI, GUYS...
SOMEBODY KNOWS WHY I CANNOT UPDATE THE "ADWARE SOFTWARE" BEHIND THE SQUID?
THE SQUID VERSION IS: Squid Cache: Version 2.5.STABLE5.
Thanks...a lot
loop.-
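
Added example (not part of the original messages and not Squid code): a simplified Python model of the points discussed in this thread, showing how a host reference and a domain reference in "dstdomain" behave when an unauthenticated exception is placed ahead of the rule that requires login. The hostname updates.lavasoftusa.com, the source addresses, the user name and all helper names are constructed for illustration.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
# Lines are checked top to bottom; ACLs on a line are ANDed; first full match decides.

class NeedsLogin(Exception):
    """An authentication ACL was reached without credentials (Squid replies 407)."""

def dstdomain(pattern):
    # ".example.com" is a domain reference: the domain and every subdomain.
    # "www.example.com" is a host reference: that exact host only.
    def match(req):
        host = req["host"].lower()
        if pattern.startswith("."):
            return host == pattern[1:] or host.endswith(pattern)
        return host == pattern
    return match

def src_prefix(prefix):
    # Stand-in for "acl ... src 10.1.0.0/16"; a string prefix is enough here.
    return lambda req: req["src"].startswith(prefix)

def proxy_auth(req):
    if req.get("user") is None:
        raise NeedsLogin
    return True

def evaluate(rules, req):
    for action, acls in rules:
        try:
            if all(acl(req) for acl in acls):   # stops at the first mismatch
                return action
        except NeedsLogin:
            return "407"
    return "deny"

def ruleset(site_acl):
    localnet = src_prefix("10.1.")
    return [("allow", [localnet, site_acl]),    # unauthenticated exception first
            ("allow", [localnet, proxy_auth]),  # everything else needs a login
            ("deny", [])]                       # http_access deny all

def request(host, user=None, src="10.1.2.3"):   # constructed sample data
    return {"src": src, "host": host, "user": user}

HOST_REF = ruleset(dstdomain("www.lavasoftusa.com"))
DOMAIN_REF = ruleset(dstdomain(".lavasoftusa.com"))

if __name__ == "__main__":
    hosts = ("www.lavasoftusa.com", "updates.lavasoftusa.com", "www.example.org")  # 2nd is made up
    for name in hosts:
        print(name, evaluate(HOST_REF, request(name)), evaluate(DOMAIN_REF, request(name)))
```

A client that cannot answer a proxy login prompt gets through only where the result is "allow"; with the host reference, any other host under the same domain falls through to the rule that requires login.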
