> -----Original Message----- > From: Palula Brasil [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 01, 2006 1:29 AM > To: [email protected] > Subject: [squid-users] Blocked strings overriding permitted URL's > > > Hi there everyone! > > I'm having a problem regarding my squid configuration. > I read on the Visolve site that Squid reads the squid.conf > line by line and > that when it encounters a blocking line, it blocks but passes > on through > reading subsequent lines. And when it finds a line that matches a > permission, stops right away.
>From what I can see, Visolve still only has manuals for 2.4 and 3.0 (which is >not production ready yet). Disregard their website as a source of information >on 2.5. Squid will process access lists until it finds a matching entry >(irrespective of whether it is an allow or deny), so you want to put your >access lists in "specific" order (the more specific the match, the further up >the chain it should be). > > My problem is that, based on this, That is indeed the problem. > I wrote all of my blocking > rules above > the permissive lines and all has been working fine util this > problem I went > through yesterday. I have a file called bad_strings.acl wich > has a lot of > words for squid to block (i.e. hacker, cracker, serialz, > warez etc). And I > have a file of permitted URL's (permitted.acl) wich contains > URL's that > should be Ok to access. > > The problem is that I tried to access www.hackerwatch.org > yesterday and the > hit was blocked. Anyway it should because hackerwatch has the > string hacker > on the URL. So I added www.hackerwatch to the permitted.acl > (remember that > squid reads all the blocking rules but passes on until it > finds a positive) > and still the site is being blocked. Make a new acl using the dstdomain element such as... acl allowed_sites dstdomain .hackerwatch.org ...and put the matching "http_access allow" line above the line denying access to the list of words. > > Can somebody help me out? > Thanks a lot! > > Chris
