服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Squid ACL白名单不起作用
Intereting Posts
在vmstat命令的输出中的cs参数中计算了什么样的上下文切换 Apache:我怎样才能让192.168.1.101上的本地主机可见192.168.1.102? 如何有条件地为通过nginx中的X-Accel-Redirect提供的字体添加Access-Control-Allow-Origin头 为什么托pipe公司只为内存充电? 这些networking条款是什么意思? (br0等) 非特权用户可以识别Office 365是否强制与合作伙伴组织进行TLSencryption? Win2008上的SMTP服务器,SPF ecc 如何确切知道哪些软件包在Ubuntu中具有安全更新? 如何在Unix中创build邮件列表 由于连接超时,无法显示Proxmox控制台 (CentOS)添加交换文件失败 在Cisco ASA 5505上打开端口 如何阻止来自用户的访问,而不是来自http? dhcpd选项82日志logging不工作 在IIS7中监视大量应用程序池的最佳方法是什么?

Squid ACL白名单不起作用

我有透明模式的Squid代理HTTP / HTTPS拼接所有模式。 我想要一堆URL跳过鱿鱼,所以我想添加DNSlogging到白名单,但似乎像白名单被鱿鱼忽略在我的列表 

.tdesktop.com .whatsapp.com .whatsapp.net .facebook.com [2.4.0-RC][[email protected]]/home/olivierif: sudo squid -k parse 2017/10/02 13:19:20| Startup: Initializing Authentication Schemes ... 2017/10/02 13:19:20| Startup: Initialized Authentication Scheme 'basic' 2017/10/02 13:19:20| Startup: Initialized Authentication Scheme 'digest' 2017/10/02 13:19:20| Startup: Initialized Authentication Scheme 'negotiate' 2017/10/02 13:19:20| Startup: Initialized Authentication Scheme 'ntlm' 2017/10/02 13:19:20| Startup: Initialized Authentication. 2017/10/02 13:19:20| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2017/10/02 13:19:20| Processing: http_port 192.168.50.254:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE 2017/10/02 13:19:20| Processing: http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE 2017/10/02 13:19:20| Starting Authentication on port 127.0.0.1:3128 2017/10/02 13:19:20| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2017/10/02 13:19:20| Processing: https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE 2017/10/02 13:19:20| Starting Authentication on port 127.0.0.1:3129 2017/10/02 13:19:20| Disabling Authentication on port 127.0.0.1:3129 (interception enabled) 2017/10/02 13:19:20| Processing: icp_port 0 2017/10/02 13:19:20| Processing: digest_generation off 2017/10/02 13:19:20| Processing: dns_v4_first on 2017/10/02 13:19:20| Processing: pid_filename /var/run/squid/squid.pid 2017/10/02 13:19:20| Processing: cache_effective_user squid 2017/10/02 13:19:20| Processing: cache_effective_group proxy 2017/10/02 13:19:20| Processing: error_default_language en 2017/10/02 13:19:20| Processing: icon_directory /usr/local/etc/squid/icons 2017/10/02 13:19:20| Processing: visible_hostname localhost 2017/10/02 13:19:20| Processing: cache_mgr admin@localhost 2017/10/02 13:19:20| Processing: access_log /var/squid/logs/access.log 2017/10/02 13:19:20| Processing: cache_log /var/squid/logs/cache.log 2017/10/02 13:19:20| Processing: cache_store_log none 2017/10/02 13:19:20| Processing: netdb_filename /var/squid/logs/netdb.state 2017/10/02 13:19:20| Processing: pinger_enable off 2017/10/02 13:19:20| Processing: pinger_program /usr/local/libexec/squid/pinger 2017/10/02 13:19:20| Processing: sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048 2017/10/02 13:19:20| Processing: sslcrtd_children 5 2017/10/02 13:19:20| Processing: sslproxy_capath /usr/local/share/certs/ 2017/10/02 13:19:20| Processing: sslproxy_options NO_SSLv2,NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE 2017/10/02 13:19:20| Processing: sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS 2017/10/02 13:19:20| Processing: sslproxy_cert_error allow all 2017/10/02 13:19:20| Processing: logfile_rotate 3 2017/10/02 13:19:20| Processing: debug_options rotate=3 2017/10/02 13:19:20| Processing: shutdown_lifetime 3 seconds 2017/10/02 13:19:20| Processing: acl localnet src 192.168.50.0/24 2017/10/02 13:19:20| Processing: forwarded_for on 2017/10/02 13:19:20| Processing: httpd_suppress_version_string on 2017/10/02 13:19:20| Processing: uri_whitespace strip 2017/10/02 13:19:20| Processing: acl dynamic urlpath_regex cgi-bin \? 2017/10/02 13:19:20| Processing: cache deny dynamic 2017/10/02 13:19:20| Processing: cache_mem 128 MB 2017/10/02 13:19:20| Processing: maximum_object_size_in_memory 512 KB 2017/10/02 13:19:20| Processing: memory_replacement_policy heap GDSF 2017/10/02 13:19:20| Processing: cache_replacement_policy heap LFUDA 2017/10/02 13:19:20| Processing: minimum_object_size 0 KB 2017/10/02 13:19:20| Processing: maximum_object_size 4 MB 2017/10/02 13:19:20| Processing: cache_dir ufs /var/squid/cache 1000 16 256 2017/10/02 13:19:20| Processing: offline_mode off 2017/10/02 13:19:20| Processing: cache_swap_low 90 2017/10/02 13:19:20| Processing: cache_swap_high 95 2017/10/02 13:19:20| Processing: cache allow all 2017/10/02 13:19:20| Processing: refresh_pattern ^ftp: 1440 20% 10080 2017/10/02 13:19:20| Processing: refresh_pattern ^gopher: 1440 0% 1440 2017/10/02 13:19:20| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 2017/10/02 13:19:20| Processing: refresh_pattern . 0 20% 4320 2017/10/02 13:19:20| Processing: acl allsrc src all 2017/10/02 13:19:20| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535 2017/10/02 13:19:20| Processing: acl sslports port 443 563 2017/10/02 13:19:20| Processing: acl purge method PURGE 2017/10/02 13:19:20| Processing: acl connect method CONNECT 2017/10/02 13:19:20| Processing: acl HTTP proto HTTP 2017/10/02 13:19:20| Processing: acl HTTPS proto HTTPS 2017/10/02 13:19:20| Processing: acl step1 at_step SslBump1 2017/10/02 13:19:20| Processing: acl step2 at_step SslBump2 2017/10/02 13:19:20| Processing: acl step3 at_step SslBump3 2017/10/02 13:19:20| Processing: acl allowed_subnets src 192.168.0.0/16 2017/10/02 13:19:20| Processing: acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl" 2017/10/02 13:19:20| Processing: http_access allow manager localhost 2017/10/02 13:19:20| Processing: http_access deny manager 2017/10/02 13:19:20| Processing: http_access allow purge localhost 2017/10/02 13:19:20| Processing: http_access deny purge 2017/10/02 13:19:20| Processing: http_access deny !safeports 2017/10/02 13:19:20| Processing: http_access deny CONNECT !sslports 2017/10/02 13:19:20| Processing: http_access allow localhost 2017/10/02 13:19:20| Processing: request_body_max_size 0 KB 2017/10/02 13:19:20| Processing: delay_pools 1 2017/10/02 13:19:20| Processing: delay_class 1 2 2017/10/02 13:19:20| Processing: delay_parameters 1 -1/-1 -1/-1 2017/10/02 13:19:20| Processing: delay_initial_bucket_level 100 2017/10/02 13:19:20| Processing: delay_access 1 allow allsrc 2017/10/02 13:19:20| Processing: url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf 2017/10/02 13:19:20| Processing: url_rewrite_bypass off 2017/10/02 13:19:20| Processing: url_rewrite_children 16 startup=8 idle=4 concurrency=0 2017/10/02 13:19:20| Processing: http_access allow whitelist 2017/10/02 13:19:20| Processing: acl sglog url_regex -i sgr=ACCESSDENIED 2017/10/02 13:19:20| Processing: http_access deny sglog 2017/10/02 13:19:20| Processing: ssl_bump peek step1 2017/10/02 13:19:20| Processing: ssl_bump splice all 2017/10/02 13:19:20| Processing: http_access allow allowed_subnets 2017/10/02 13:19:20| Processing: http_access allow localnet 2017/10/02 13:19:20| Processing: http_access deny allsrc 2017/10/02 13:19:20| Processing: icap_enable on 2017/10/02 13:19:20| Processing: icap_send_client_ip on 2017/10/02 13:19:20| Processing: icap_send_client_username off 2017/10/02 13:19:20| Processing: icap_client_username_encode off 2017/10/02 13:19:20| Processing: icap_client_username_header X-Authenticated-User 2017/10/02 13:19:20| Processing: icap_preview_enable on 2017/10/02 13:19:20| Processing: icap_preview_size 1024 2017/10/02 13:19:20| Processing: icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squid_clamav bypass=off 2017/10/02 13:19:20| Processing: adaptation_access service_avi_req allow all 2017/10/02 13:19:20| Processing: icap_service service_avi_resp respmod_precache icap://127.0.0.1:1344/squid_clamav bypass=on 2017/10/02 13:19:20| Processing: adaptation_access service_avi_resp allow all 2017/10/02 13:19:20| Initializing https proxy context 2017/10/02 13:19:20| Initializing http_port 192.168.50.254:3128 SSL context 2017/10/02 13:19:20| Using certificate in /usr/local/etc/squid/serverkey.pem 2017/10/02 13:19:20| Initializing http_port 127.0.0.1:3128 SSL context 2017/10/02 13:19:20| Using certificate in /usr/local/etc/squid/serverkey.pem 2017/10/02 13:19:20| Initializing https_port 127.0.0.1:3129 SSL context 2017/10/02 13:19:20| Using certificate in /usr/local/etc/squid/serverkey.pem

任何build议?