Henrik Nordstrom disse na ultima mensagem:
> On tor, 2007-08-30 at 06:02 -0300, Michel Santos wrote:
>> There is appearently an acl bug
>>
>> acls do not work for peers
>
> They do work for peers, just the same as any other http client. There is
> nothing special about peers in the access controls.
>
>> acl all src 200.152.80.0/20
>
> Warning: Don't redefine the "all" acl unless you are very careful. It's
> used in a number of defaults and meant to match "the whole world", and
> results can become a bit confusing if redefined...
>
> Instead define a "mynetwork" acl to match your clients..
>
I just did this but does not change the misbehaviour I described
>> acl danger urlpath_regex -i instal\.html
>> http_access deny all danger
>> #
>>
>> so far this works for "all", I mean it blocks as wanted
>>
>>
>> #
>> acl all src 200.152.80.0/20
>> acl peer src 200.152.83.40
>> acl danger urlpath_regex -i instal\.html
>> http_access deny all danger
>> http_access deny peer danger
>
> Nothing obviously wrong, apart from the use of the "all" acl..
ok, in fact the acl all ... is not the point and works anyway despite your
observation, what is NOT working as supposed is acl peer ... and it's
following deny clause for the peer
>
>> does NOT when accessing directly from a browser from 200.152.83.40
>
> Should it? When going directly Squid is not used...
well well ... directly from a browser not as "always_direct" or something
I mean here when acessing the parent as client ok, since the frontend
cache is a transparent proxy it catch/intercept this connection and should
apply the acl what it in fact does so long as the IP does not part of "acl
peer src"
when I change the "acl peer src *IP*" then the acl works for this machine
as well as for all not_peer_clientes of the frontend cache
*THIS* is the thing here: that any acl configured on the frontend cache is
not beeing applied to any request from the peer
michel
...
****************************************************
Datacenter Matik http://datacenter.matik.com.br
E-Mail e Data Hosting Service para Profissionais.
****************************************************
Received on Thu Aug 30 2007 - 05:27:54 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT