Доброго времени суток!
делаю первые шаги в освоении FreeBSD и Squid.
достался по наследству прозрачный Squid смотрит на верхний Squid.
Собственно вопрос, почемуSquid игнорирует acl? он разрешает качать ВСЁ и пускает на все сайты
вот его squid.conf:# squid.conOBf
# Last changes: 21.12.2005
#Ports
http_port 3128
icp_port 3128
#Base config
# debug_options ALL,9
pid_filename /cache/logs/squid.pid
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
cache_dir ufs /cache 250 16 256
cache_log /cache/logs/cache.log
cache_access_log /cache/logs/access.log
cache_store_log /cache/logs/store.log
cache_swap_log /cache/logs/swap.log
error_directory /usr/local/etc/squid/errors/Russian-koi8-r
logfile_rotate 1
#Main rules
redirect_rewrites_host_header off
cache_replacement_policy GDSF
acl localnet src 10.61.0.0/255.255.254.0
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl SSL_ports port 443 563 5999
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
http_access allow localnet
#Transparent proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#Moskow server
cache_peer верхний_прокси-сервер parent 3128 3128 no-query default
prefer_direct off
never_direct allow all
#Local settings
cache_mgr адрес_админа@pochta.ru
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
buffered_logs on
acl media url_regex .exe .mp3 .vqf .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .inpn
http_access deny media
acl SitesMP3 dstdomain .recordings.ru
http_access deny localnet SitesMP3
delay_pools 2
delay_class 1 1
delay_parameters 1 5000/5000 5000/5000
delay_access 1 allow localnet !it !media
delay_access 1 deny all
delay_class 2 1
delay_parameters 2 -1/-1
#delay_access 2 allow it
delay_access 2 deny localnet
delay_access 2 deny all
Вариант для распечатки
Настройка Squid и других прокси серверов (Public)
(ok) on 08-Май-06, 16:19 
