OK, I've tried it on my setup and the answer seems to be that you have your http_access statements in the wrong order; try re-arranging this section of squid.conf as follows:
> >> http_access allow manager localhost > >> http_access deny manager > >> http_access allow purge localhost > >> http_access deny purge > >> http_access deny !Safe_ports > >> http_access deny CONNECT !SSL_ports > >> http_access deny BanDomains > >> http_access allow localdomain AFAICT, squid uses the first matching ACL that it can find; because you had http_access allow localdomain at the head of the list, squid allows any request from localdomain without reference to subsequent controls. This would also make it important to place these http_access statements after those controlling access to the cachemanager, etc. On Fri, Mar 24, 2000 at 09:09:04PM +0100, [EMAIL PROTECTED] wrote > Yes, I ran /etc/init.d/squid restart to reload the config file and the > /etc/ban_domains.squid is readable to all, so this should no be a problem. > > Sven > > On 24-Mar-2000 John Pearson wrote: > > On Thu, Mar 23, 2000 at 11:13:42PM +0100, [EMAIL PROTECTED] wrote > >> Hi, > >> > >> I have some problems with squid and its ACLs. > >> > >> I'm using Debian 2.2 with Kernel 2.2.13 and squid 2.2STABLE5. > >> My ACL section in /etc/squid.conf looks like the following. > >> > >> acl all src 0.0.0.0/0.0.0.0 > >> acl manager proto cache_object > >> acl localhost src 127.0.0.1/255.255.255.255 > >> acl SSL_ports port 443 563 > >> acl Safe_ports port 80 21 443 563 70 210 1025-65535 > >> acl purge method PURGE > >> acl CONNECT method CONNECT > >> acl BanDomains dstdomain "/etc/ban_domains.squid" > >> acl localdomain srcdomain localdomain.own > >> : > >> http_access allow localdomain > >> http_access deny BanDomains > >> http_access allow manager localhost > >> http_access deny manager > >> http_access allow purge localhost > >> http_access deny purge > >> http_access deny !Safe_ports > >> http_access deny CONNECT !SSL_ports > >> > >> And the file /etc/ban_domains.squid looks like... > >> netscape.com > >> microsoft.com > >> msdn.com > >> realnetworks.com > >> > >> But when I try connect to www.microsoft.com the proxy rersolves the > >> hostname > >> and connects. (My browser is configured to use the proxy, of course...). > >> > >> Does anyone have an idea where I made a mistake? > >> > > HTH, John P. -- [EMAIL PROTECTED] [EMAIL PROTECTED] "Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
