Yes, I ran /etc/init.d/squid restart to reload the config file and the /etc/ban_domains.squid is readable to all, so this should no be a problem.
Sven On 24-Mar-2000 John Pearson wrote: > On Thu, Mar 23, 2000 at 11:13:42PM +0100, [EMAIL PROTECTED] wrote >> Hi, >> >> I have some problems with squid and its ACLs. >> >> I'm using Debian 2.2 with Kernel 2.2.13 and squid 2.2STABLE5. >> My ACL section in /etc/squid.conf looks like the following. >> >> acl all src 0.0.0.0/0.0.0.0 >> acl manager proto cache_object >> acl localhost src 127.0.0.1/255.255.255.255 >> acl SSL_ports port 443 563 >> acl Safe_ports port 80 21 443 563 70 210 1025-65535 >> acl purge method PURGE >> acl CONNECT method CONNECT >> acl BanDomains dstdomain "/etc/ban_domains.squid" >> acl localdomain srcdomain localdomain.own >> : >> http_access allow localdomain >> http_access deny BanDomains >> http_access allow manager localhost >> http_access deny manager >> http_access allow purge localhost >> http_access deny purge >> http_access deny !Safe_ports >> http_access deny CONNECT !SSL_ports >> >> And the file /etc/ban_domains.squid looks like... >> netscape.com >> microsoft.com >> msdn.com >> realnetworks.com >> >> But when I try connect to www.microsoft.com the proxy rersolves the hostname >> and connects. (My browser is configured to use the proxy, of course...). >> >> Does anyone have an idea where I made a mistake? >> > > I'm assuming that squid's "file" ACLs work; I've never used them myself. > > Is /etc/ban_domains.squid readable by the user which Squid is running > as? Have you done /etc/init.d/squid reload since adding those > domains to the file? > > > John P. > -- > [EMAIL PROTECTED] > [EMAIL PROTECTED] > "Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark > > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < > /dev/null ---------------------------------- Please reply only to [EMAIL PROTECTED] ---------------------------------- Date: 24-Mar-2000 Time: 21:07:50 ----------------------------------
