我这样配置了 squid,但黑名单不起作用。我在网上搜索了一些内容,但什么也没找到。
#SQUID squid.conf
http_port 8080
############################################################
#Database Authentication MYSQL
auth_param basic program /usr/lib/squid3/squid_db_auth --dsn "DBI:mysql:database=something " --user something --password something --plaintext --persist
auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 30 minute
auth_param basic casesensitive off
acl db-auth proxy_auth REQUIRED
http_access allow db-auth
#############################################################
#ACL
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl blacklist dstdom_regex -i "/etc/squid3/blacklist"
##############################################################
#LISTA OPERAZIONI ACL
http_access deny blacklist
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
##############################################################
coredump_dir /var/spool/squid3
黑名单文件是这样的:
facebook.it
facebook.com
答案1
http_access语句会针对每个请求按顺序进行评估,一旦匹配,评估就会停止。因此http_access allow db-auth应该放置后 http_access deny blacklist这样,黑名单就被强制执行,然后进行身份验证。