請教,我的squid添加用戶認證之後,不能屏蔽了
添加 用戶認證之後,我想屏蔽百度
acl baidu dstdomain www.baidu.com
http_access deny baidu
不能組織用戶訪問百度,這是怎麼回事啊。
大俠指教。
《解決方案》
ACL的順序問題
《解決方案》
594 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
595 acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
596 acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
597 acl baidu dstdomain www.baidu.com
598 acl baidu_ip dst 119.75.213.61
599 acl sohu dstdomain www.sohu.com
600 acl Name ident yang
601 http_access deny Name baidu
602 http_access allow normal
603 #http_access deny baidu
這樣錯在哪兒哪?
請指教
《解決方案》
auth_param basic program /usr/local/squid/sbin/ncsa_auth /usr/local/squid/sbin/passwd
auth_param basic children 5
auth_param basic realm NetSec Domain
acl normal proxy_auth REQUIRED
http_access allow normal
############################# IP ###################################
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl baidu dstdomain www.baidu.com
############################# port ##################################
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny baidu
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 80 accel vhost
#cache_peer 192.168.0.75 parent 80 0 no-query originserver name=server1
#cache_peer_domain server1 192.168.0.201
hierarchy_stoplist cgi-bin ?
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname netsec.esafenet.com
coredump_dir /usr/local/squid/var/cache
我的配置文件
《解決方案》
是要阻止172.16.0.0/12和192.168.0.0/16段的訪問baidu嗎?
http_access allow localnet
http_access deny baidu
把這兩順序換一下