ACL not working in Squid
Hey, i m using this squid.conf in Redhat E3,Squid Server. On my client Computers(windowsXP), these acl url_regex is not working Until i specify the ip address in the internet explorer setting (Internet Options -> Connections ->LAN Setting -> Proxy Server)manually. if i specify the ip in the setting of internet explorer proxy setting then acl url_regex works properly, but if some user uses AUTOMATICALLY DETECT SETTING and disable proxy server ip in the internet explorer setting, then this acl dont work.
........................... http_port 80 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl local_lan src 192.168.1.0/24 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl blocked1 url_regex movie acl blocked2 url_regex porn acl blocked3 url_regex boobs acl blocked4 url_regex casino acl blocked5 url_regex fuck http_access deny blocked1 http_access deny blocked2 http_access deny blocked3 http_access deny blocked4 http_access deny blocked5 http_access allow local_lan http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all coredump_dir /var/spool/squid |
if you are concerend because they are able to bypass squid, then what you probably should do is configure squid in transparent mode... this way they don't even need to configure anything on internet exploder and they will still be using the proxy - whether they like it or not... :)
http://www.google.com/linux?&q=squid+transparent |
All times are GMT -5. The time now is 05:09 PM. |