Re: [squid-users] blocking all destination domain except "www.bloomberg.com" and "www.bloomberg.de" .

From: Prabu Subroto <prabusubroto@dont-contact.us>
Date: Mon, 3 Feb 2003 04:25:44 -0800 (PST)

Wow.... You are right, my friend. How could you know
that I should use "255.255.255.255"? Good...

But why does my squid still not block the user
"sales"?
The "sales" user can still visit sites outside of
"www.bloomberg.de" and "www.bloomberg.com"?

Please tell me.

Here are the important lines I have:
"
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl sales src 192.168.23.240-192.168.23.254/32
acl AllDomain dst 0.0.0.0/0.0.0.0
acl AllowedDomain dstdomain .bloomberg.com .bloomberg.de
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
#Default:
#http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# And finally deny all other access to this proxy
http_access allow localhost
acl password proxy_auth REQUIRED
#http_access allow all
http_access allow password
http_access allow sales AllowedDomain
http_access deny sales AllDomain
"
--- Ilker Gokhan <ilker.gokhan@linux.org.tr> wrote:
> Prabu Subroto wrote:
> > Thank you my friend,
> >
> > but why does it not block the access? The "sales"
> > user can still visit other sites, not only "bloomberg.com"
> > and "bloomberg.de".
> >
> > I got these messages when I shut down my squid server:
> > "
> > transistor:~ # rcsquid stop
> > Shutting down WWW-proxy squid 2003/02/03 12:59:29| aclParseIpData: WARNING: Netmask masks away part of the specified IP in '192.168.23.240-192.168.23.254/255.255.255.0'
> > 2003/02/03 12:59:29| squid.conf line 1465: http_access allow sales AllowedDomain
> > 2003/02/03 12:59:29| aclParseAccessLine: ACL name 'sales' not found.
> > 2003/02/03 12:59:29| squid.conf line 1466: http_access deny sales AllDomain
> > 2003/02/03 12:59:29| aclParseAccessLine: ACL name 'sales' not found.
>
> use /32 (host mode) instead of c class (network mode-255.255.255.0) mask.
>
>
> Regards,
> Ilker G.
>

Received on Mon Feb 03 2003 - 05:25:49 MST
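
Added example, not part of the original message and not Squid's own code: a small Python model of how Squid reads the http_access lines posted above (top to bottom, the first line whose ACLs all match decides), showing which line answers a request from an authenticated "sales" client. The request dictionaries, the names in the code and the REORDERED list are constructed for illustration and are an assumption about the intended policy; the manager, port and CONNECT lines are left out.

```python
import ipaddress

LOW, HIGH = (ipaddress.ip_address(a) for a in ("192.168.23.240", "192.168.23.254"))

def allowed_domain(req):
    # dstdomain entries with a leading dot match the domain and its subdomains.
    host = req["host"].lower()
    return any(host == d[1:] or host.endswith(d)
               for d in (".bloomberg.com", ".bloomberg.de"))

# ACL names from the posted squid.conf, each modelled as a predicate on a request.
ACLS = {
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "password": lambda r: r["authenticated"],      # proxy_auth REQUIRED
    "sales": lambda r: LOW <= ipaddress.ip_address(r["src"]) <= HIGH,
    "AllowedDomain": allowed_domain,
    "AllDomain": lambda r: True,                   # dst 0.0.0.0/0.0.0.0
}

# The four client rules in the order they were posted.
POSTED = [
    ("allow", ["localhost"]),
    ("allow", ["password"]),
    ("allow", ["sales", "AllowedDomain"]),
    ("deny", ["sales", "AllDomain"]),
]
# Assumed alternative order: the two sales lines moved above "allow password".
REORDERED = [POSTED[0], POSTED[2], POSTED[3], POSTED[1]]

def evaluate(rules, req):
    """Return (action, rule number) for the first rule whose ACLs all match."""
    for number, (action, names) in enumerate(rules, 1):
        if all(ACLS[name](req) for name in names):
            return action, number
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

# Constructed sample requests (not taken from any real log).
SALES_OTHER = {"src": "192.168.23.245", "host": "www.example.org", "authenticated": True}
SALES_BLOOMBERG = dict(SALES_OTHER, host="www.bloomberg.de")

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for req in (SALES_OTHER, SALES_BLOOMBERG):
            print(label, req["host"], evaluate(rules, req))
```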

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:13 MST