Merdouille wrote:
> I used :
>
> http_access allow manager localhost
> http_access allow localnet PROTO METHOD
> http_access deny all !port
>
> I try to add deny_info options :
> deny_info TCP_RESET !manager !localhost
> deny_info TCP_RESET !localnet
> deny_info TCP_RESET !all
>
> or
>
> deny_info TCP_RESET manager localhost
> deny_info TCP_RESET localnet
> deny_info TCP_RESET all
>
>
> But i'allways have an error message "Access control configuration prevents
> your request from
> being allowed at this time. Please contact your service provider if
> you feel this is incorrect.
> etc"
> Instead ofan effective TCP_reset
deny_info requires a single ACL name.
When ACL with that name is the last on the http_access line doing a
"deny" action the deny_info page/action will be given.
None of your ACL listed for deny_info are the last on their lines.
Only 'port' is on a line doing deny.
Please note that TCP_RESET when used will not prevent abusive hosts, but
risks a mini DDoS against yourself as clients attempt to reconnect the
failed link. Use carefully.
If I may say so you have the weirdest config I've seen in months. What
exactly are you trying to do with your Squid?
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6Received on Fri Apr 03 2009 - 09:52:27 MDT
This archive was generated by hypermail 2.2.0 : Fri Apr 03 2009 - 12:00:01 MDT