Centos – Squid dstdom_regex not working


I want to deny all URLs beginning with iso, in Squid 3.2.3.
So, I've put in squid.conf:

  acl torrent_sites dstdom_regex -i iso
  acl music_sites dstdom_regex -i music

and my http control is like:

  http_access allow localhost
  http_access allow localnetp1
  http_access deny torrent_sites localnetp1
  http_access deny music_sites
  http_access deny ftp_request
  http_access deny localnetp1 norm_conn
  http_access deny all

But I can still enter the page isohunt.com. Why?

Best Answer

Rules are processed in order. Once an http_access allow has been reached processing stops and the connection is permitted. What is the localnetp1 ACL doing? Does that happen to be a src acl with a list of all your IP addresses perhaps?

Your rules should generally be ordered like this:

  # all the specific denies first
  http_access deny asdf
  http_access deny sdfa
  # any explicit allows
  http_access allow dfas
  # deny everything else
  http_access deny all
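
The first-match behaviour described in the answer, as an added example that is not part of the original answer: a small Python model of http_access evaluation run over the question's rules and over the same rules reordered. The localnetp1 range, the ftp_request and norm_conn definitions and the sample request are assumptions, since the page does not show them.

```python
import ipaddress
import re

# torrent_sites and music_sites are from the question; every other
# definition is an assumption, since the page does not show them.
ACLS = {
    "all": lambda req: True,
    "localhost": lambda req: req["src"] == "127.0.0.1",
    "localnetp1": lambda req: ipaddress.ip_address(req["src"])
    in ipaddress.ip_network("192.168.1.0/24"),
    # dstdom_regex -i: unanchored, case-insensitive match on the host name
    "torrent_sites": lambda req: re.search("iso", req["host"], re.I) is not None,
    "music_sites": lambda req: re.search("music", req["host"], re.I) is not None,
    "ftp_request": lambda req: req["proto"] == "ftp",
    "norm_conn": lambda req: False,  # definition unknown; never matches here
}

ORIGINAL = """
http_access allow localhost
http_access allow localnetp1
http_access deny torrent_sites localnetp1
http_access deny music_sites
http_access deny ftp_request
http_access deny localnetp1 norm_conn
http_access deny all
"""

# Same lines with the specific denies moved above the allows.
REORDERED = """
http_access deny torrent_sites localnetp1
http_access deny music_sites
http_access deny ftp_request
http_access deny localnetp1 norm_conn
http_access allow localhost
http_access allow localnetp1
http_access deny all
"""

def evaluate(rules, req):
    """Return (action, line) for the first line whose ACLs all match."""
    for line in rules.strip().splitlines():
        _, action, *names = line.split()
        if all(ACLS[n](req) for n in names):  # ACLs on one line are ANDed
            return action, line
    return "deny", None  # not reached: both rule sets end in "deny all"

# Constructed sample request from a client inside the assumed localnetp1 range.
REQUEST = {"src": "192.168.1.50", "host": "isohunt.com", "proto": "http"}

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(label, "->", evaluate(rules, REQUEST))
```

Because the regex is unanchored, `iso` matches anywhere in the host name, not only at the start.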