Date: Sat, 5 Feb 2005 12:09:04 +0100 (CET) From: Henrik Nordstrom <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: Squid Users <[email protected]> Subject: Re: [squid-users] Failing to serve cached objects On Sat, 5 Feb 2005 [EMAIL PROTECTED] wrote: > I moved my squid.conf to a newer build of Squid and, Voila! Cached objects > are now > being served. Good. > Pity ACL seems to be broken (all urls are accessible). Then inspect your http_access rules, and see the Squid FAQ Chapter 10 Access Controls. --------------------------------- I will be grateful if you will point out where I have gone wrong here. I thought that the last 3 ACLs defined All IP addresses, All URLs and HTTP protocol; and that the last 3 rules denied access to them. However I can still access www.sex.com from cache. I want it denied by default. # TAG: acl #Recommended minimum configuration: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 1025-65535 # unregistered ports acl CONNECT method CONNECT acl government urlpath_regex -i .gov acl education urlpath_regex -i .edu acl google dstdomain .google.com.au acl acenet dstdomain .acenet.com.au acl localnet src 192.168.100.0/24 acl ip dst 0.0.0.0/0.0.0.0 acl www urlpath_regex -i www. acl http proto HTTP # TAG: http_access #Recommended minimum configuration: http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny to_localhost http_access allow government http_access allow education http_access allow google http_access allow acenet http_access allow localnet http_access deny ip http_access deny http http_access allow www # TAG: http_reply_access
