kmashraf
« Reply #30 on: July 16, 2004, 11:58:18 PM »
Hey! You had me worried there. Well, I searched through all the posts regarding squid but could not find an answer to my particular problem. I want to block sites based on domain names from a file, such as
acl banned dstdomain "/usr/local/squid/etc/block"
and I deny it with
http_access deny banned
as can be seen from the portion of my squid file included in the previous post, where 'block' is the file containing the list of domain names I want blocked. This file has the required format of one domain per line. In fact I got it from the link given in the Squid FAQ, ACL chapter. But I find that in spite of inserting these lines I am still getting access to the sites listed in my block file.
I need to know if there is a particular order to be followed for the acl and http_access list? Also, am I making a mistake in placing the file in /usr/local/squid/etc/? Because I am not getting any error! Mostly it serves me without trouble, occasionally complaining of DNS resolution problems. I would blame my ISP's DNS server behaviour.
The only strange entry in my 'cache.log' is
Rebuilding storage in /usr/local/squid/var/cache (DIRTY)
What does this '(DIRTY)' imply? Thanks

Ricky
« Reply #31 on: July 17, 2004, 04:52:31 AM »
acl banned dstdomain "/usr/local/squid/etc/block"
and I deny it with
http_access deny banned
I don't feel anything wrong in that.. What you can also do is make that file like block.txt instead of block (I'm not sure it is the fault); maybe it can help. Your block file should be situated in a directory where squid has proper permissions to access it. Check permissions also, so that the file is readable by the user under which squid is running. Also your file should look like
.site1.com
site.com
anothersite.com

kmashraf
« Reply #32 on: July 17, 2004, 05:53:14 AM »
In fact I changed the ownership of the file to 'squid'. I am also reflecting the file name 'block' as is. I will try renaming the file as *.txt and try. Would this be of significance:
"Acl-operators are checked in the order that they occur in the file (ie from top to bottom). The first acl-operator line that matches causes Squid to drop out of the acl list. Squid will not check through all acl-operators if the first denies the request."
I got it from http://squid-docs.sourceforge.net/latest/html/x591.html
What caught my attention is "The first acl-operator line that matches causes Squid to drop out of the acl list. Squid will not check through all acl-operators if the first denies the request". So once again my question is if the acl-operator line order is important? Thanks

Ricky
« Reply #33 on: July 17, 2004, 10:49:50 AM »
Yes, it matters in squid, but that is not so complex..
If you simply follow the pattern of my squid.conf example in Linux How to section then there should be no such probs..
If it finds any condition true then it doesn't check further rules.

kmashraf
« Reply #34 on: July 17, 2004, 01:32:35 PM »
Hi, If I sound dense please bear with me for I am a little dense. And as always thanks.

kmashraf
« Reply #35 on: July 19, 2004, 04:33:30 AM »
Hi, Will all this work if I don't have a FQDN? I don't! Is that why it is not working? Names in my file are not being resolved because I don't have an FQDN. Thanks

Ricky
« Reply #36 on: July 19, 2004, 05:17:44 AM »
What? FQDN is nothing to consider here.. anyway.. y u think so?? Can I have lil more explanation about that thought?

saxiee
« Reply #37 on: July 19, 2004, 10:08:46 AM »
Hello, I am getting a problem when I try to run squid2.5 on Redhat 9.0, of "$squid $squid_opts 2>/dev/null". When I check the status of squid I got "could not determine fully qualified hostname please set visible_hostname". When I set the visible hostname to my workgroup name I got "cannot run a copy", and I am also getting an error of "page faults with physical i/o:388". Please help me to solve the problem.

kmashraf
« Reply #38 on: July 20, 2004, 12:08:51 AM »
Well it is like this. Even when I use 'acl banned dstdomain [www.sex.com]' it still does not work. I am able to access the site and it seems to be caching the same. I found this by looking at the logs. The access.log shows this
1090338621.321 1378 192.168.0.xx TCP_MISS/302 707 GET [http://www.sex.com/] - DIRECT/209.81.7.93 text/html
1090338622.600 1276 192.168.0.xx TCP_MISS/302 593 GET [http://india.sex.com/index.html] - DIRECT/209.81.7.23 text/html
1090338624.717 2112 192.168.0.xx TCP_MISS/200 4285 GET [http://www.sex.com/s.html?] - DIRECT/209.81.7.93 text/html
1090338626.023 1788 192.168.0.xx TCP_MISS/200 2876 GET [http://www.sex.com/common/functions.js] - DIRECT/209.81.7.93 text/html
(My modification '[' ']' and 'xx')
One part of your tutorial I've not included in my config is
visible_hostname you.yourdomain.com
unique_hostname you.yourdomain.com
This is why I am asking about the FQDN. Much obliged
Ashraf

tomamodi
« Reply #39 on: July 20, 2004, 12:40:06 AM »
Dear RICKY, I see here you are very active and cooperative. I need your help in a matter that is very small for you and very difficult for me, as I am new. I am going to install a squid transparent cache in a LAN. I have this setting: modem --> router ---> hub, with 24 PCs connected. Of these 24 I want to connect one as a transparent cache to the hub, e.g. no. 12, where I am. I want the Linux box in this place, where Win98 is running, so I am producing the winipcfg report to see and understand where I have to put the following in your sample squid.conf:
<winipcfg>
DNS (it is in the router): 10.0.0.2
MAC address: xx-xx-xx-xx-xx-xx
IP of this PC: 10.0.0.12
Subnet mask: 255.255.255.0
Gateway: 10.0.0.2
Where do I have to put these settings to make this place the Linux cache/trans? Thanks for the guide.

Ricky
« Reply #40 on: July 20, 2004, 01:21:13 AM »
@TOMAMODI
Man.. Configure your one PC as Linux Proxy server as I have mentioned, then in all your boxes..
1. If you are using static IP.. i.e. no DHCP, then manual configuration will be required..
Say you have network 192.168.1.0
then in ur clients..
Gateway :: <ip of your linux box>
DNS server :: <ip of ur ISP or IP of ur linux box when caching nameserver is enabled --for caching nameserver find how to do in the previous posts.>
IP address :: 192.168.1.x
Subnet :: 255.255.255.0
I hope u are clear!
2. If you have set up a DHCP server then simply configure ur clients to get IP from DHCP

Ricky
« Reply #41 on: July 20, 2004, 01:28:05 AM »
@kmAshraf
Umm.. strange.. anyway.. instead of [www.abc.com] use .abc.com !!
Also u look about
acl banned url_regex -i word1 word2 word3
That should work effectively!!
Logged
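
An added example, not part of any post in this thread and not Squid's own code: a small Python model of the two behaviours discussed above, dstdomain matching (www.abc.com versus .abc.com) and first-match http_access ordering. The ACL names, the `evaluate` helper, the rule lists and the sample requests are constructed for illustration, and only `src` and `dstdomain` ACLs are modelled.

```python
import ipaddress

def dstdomain_match(entry, host):
    """Squid dstdomain semantics: a leading dot matches the domain and all
    its subdomains; without it only the exact host name matches."""
    entry, host = entry.lower(), host.lower().rstrip(".")
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

def acl_match(acl, request):
    kind, values = acl
    if kind == "dstdomain":
        return any(dstdomain_match(v, request["host"]) for v in values)
    if kind == "src":
        client = ipaddress.ip_address(request["client"])
        return any(client in ipaddress.ip_network(v) for v in values)
    raise ValueError(f"ACL type not modelled: {kind}")

def evaluate(acls, http_access, request):
    """Return (action, rule_index) for the first http_access line whose ACLs
    all match. With no match, Squid applies the opposite of the last line."""
    for index, (action, names) in enumerate(http_access):
        if all(acl_match(acls[name], request) for name in names):
            return action, index
    last = http_access[-1][0]
    return ("allow" if last == "deny" else "deny"), None

# Constructed sample configuration and requests (assumptions, not from the thread).
ACLS = {
    "all": ("src", ["0.0.0.0/0"]),
    "localnet": ("src", ["192.168.0.0/24"]),
    "banned_exact": ("dstdomain", ["www.abc.com"]),
    "banned_dot": ("dstdomain", [".abc.com"]),
}
REQ_WWW = {"client": "192.168.0.10", "host": "www.abc.com"}
REQ_SUB = {"client": "192.168.0.10", "host": "india.abc.com"}

# The allow line comes first, so the deny line below it is never reached.
ALLOW_FIRST = [("allow", ["localnet"]), ("deny", ["banned_dot"]), ("deny", ["all"])]
# The deny line comes first, so banned hosts are refused before the allow.
DENY_FIRST = [("deny", ["banned_dot"]), ("allow", ["localnet"]), ("deny", ["all"])]
# Same order, but the exact-host entry lets other subdomains through.
DENY_EXACT = [("deny", ["banned_exact"]), ("allow", ["localnet"]), ("deny", ["all"])]

if __name__ == "__main__":
    for label, rules in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST),
                         ("deny exact", DENY_EXACT)):
        for req in (REQ_WWW, REQ_SUB):
            print(label, req["host"], evaluate(ACLS, rules, req))
```

The returned rule index shows which http_access line decided the request, which is the quickest way to see a deny line being shadowed by an earlier allow.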

Ricky
« Reply #42 on: July 20, 2004, 01:33:06 AM »
@saxiee
Man. pls give the last 10 lines of ur cache.log

saxiee
« Reply #43 on: July 20, 2004, 05:18:45 AM »
cache_mem 4 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 1096 KB

Ricky
« Reply #44 on: July 20, 2004, 05:36:14 AM »
@saxiee Man.. this is not what I want.. there is cache.log.. give last 10 lines of that
Linux Forums - Linux Help,Advice & support community:LinuxSolved.com