Hi there,

Somewhat of a newbie when it comes to squid and the boss has asked me
to set it up for our internal lan. I have it denying stuff that we
don't want the users to get to but the stuff we do want them to get to
it is timing out.

The acl lists we have are:
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port # webmin 10000
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl DeniedAgentSites dstdomain .google.com .yahoo.com .hotmail.com
.theage.com.au .msn.com
acl all src 172.16.56.0-172.16.56.254/255.255.255.255
192.168.0.0-192.168.0.254/255.255.255.255
acl DeniedAgentIPs dst 65.54.239.0-65.54.239.0/255.255.255.0
acl AllowedAgentSites dstdomain .dactive.com.au .eway.com .eway.com.au
.powerdirect.com .powerdirect.com.au .verisign.com .verisign.com.au
acl AgentWebsites dst 172.16.56.0-192.168.0.0/255.255.255.0

And the proxy restrictions are as follows:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow AllowedAgentSites
http_access deny !AllowedAgentSites
http_access allow localhost

Why does this setup deny not AllowedAgentSites (as you would hope it
would work) but not let through the AllowedAgentSites? It ends up
switching to the autosearch thing which just gets blocked cos it's not
part of the Allowed list. I basically want anything in the
AllowedAgentSites acl to be let through the proxy and any other site to
be denied.

Cheers in advance.

Bj

[ Post a follow-up to this message ]