This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ACL files permissions

I'm trying to incude an ACL list but I keep on receiving the error : strtokFile filename not found

Is there a special file position / permission that I have t set on the ACL files ?

THANKS!

This thread was automatically locked due to age.

Parents

0 Dennis Koslowski over 23 years ago

Hello Pierluigi,

Could you give us more information? Wich kind of ACL on wich ASL version?

Thank you,
--
Dennis
Cancel
Vote Up 0 Vote Down

Cancel
0 Pierluigi Ferro over 23 years ago in reply to Dennis Koslowski

ASL beta 2
It's a file ACL to block url_regex

acl denied url_regex "/path/to/file"

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 Markus Hennig over 23 years ago in reply to Pierluigi Ferro

Hi Pierluigi,

mmhhh... no idea...

Do you mean ACL definition in squid.conf-default? Whats your path and filename?
Cancel
Vote Up 0 Vote Down

Cancel
0 Pierluigi Ferro over 23 years ago in reply to Markus Hennig

Yes, I'm talking about an ACL file definition in squid.conf-default.
I tried several paths and several file permissions, but I keep getting the same error message strtokFile not found.
I was wondering if there should be a special path or file permission..
Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 oliver.desch over 23 years ago in reply to Pierluigi Ferro

Hi Pierluigi,

for blocking or redirecting pages with not wanted content, edit "/var/chroot-squid/etc/redirect.rules".
Don´t forget to restart squid!

o|iver
Cancel
Vote Up 0 Vote Down

Cancel
0 Pierluigi Ferro over 23 years ago in reply to oliver.desch

I have a 100.000 lines block list set to be used as a Squid ACL list, so it would be very time consuming editing the correct sintax for jesred.
My simple question is :
1. Is there a way to add a 'native' squid ACL block/unblock list ?
2. If yes, How ?

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 oliver.desch over 23 years ago in reply to Pierluigi Ferro

Hi Pierluigi,

modify /var/chroot-squid/etc/squid.conf-default. In the acl section create your own
acl for example "acl baddomains dstdomain "filename"". In the next section
for http_access create an entry "http_access deny baddomains".
Attention squid is running in a chroot environment so the root path to the filename
is not "/var/chroot-squid/...", it is for example "/etc/baddomains".

For further read this documentation. http://squid-docs.sourceforge.net/latest/html/x1560.htm
Cancel
Vote Up 0 Vote Down

Cancel
0 Pierluigi Ferro over 23 years ago in reply to oliver.desch

Again, it doesn't work

--snip--
acl denied url_regex "/etc/denied.txt"
acl nodenied url_regex "/etc/nodenied.txt"

http_access deny denied !nodenied
--snip--

I tried :

1. File *.txt in /etc
2. File *.txt in /var/chroot-squid/etc
3. File *.txt s.linked in /etc to /var/chroot-squid/etc
4. Change all file permisssions

The result is always the same :

strtOkFile /path/to/file not found
aclParseAcLine IGNORING Invalid acl : acl denied url_regex ......

Have you actually tried to do it ?
If so, excuse my ignorance, can you point out your exact configuration ? (eg paths, files permissions, symbolic links...)

Thanks a lot

Pierluigi
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Pierluigi Ferro over 23 years ago in reply to oliver.desch

Again, it doesn't work

--snip--
acl denied url_regex "/etc/denied.txt"
acl nodenied url_regex "/etc/nodenied.txt"

http_access deny denied !nodenied
--snip--

I tried :

1. File *.txt in /etc
2. File *.txt in /var/chroot-squid/etc
3. File *.txt s.linked in /etc to /var/chroot-squid/etc
4. Change all file permisssions

The result is always the same :

strtOkFile /path/to/file not found
aclParseAcLine IGNORING Invalid acl : acl denied url_regex ......

Have you actually tried to do it ?
If so, excuse my ignorance, can you point out your exact configuration ? (eg paths, files permissions, symbolic links...)

Thanks a lot

Pierluigi
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 oliver.desch over 23 years ago in reply to Pierluigi Ferro

Hi Pierluigi,

I think you have a typing error! I reproduced
the error message you got. I think, squid tells you the truth :-)

acl baddomains dstdomain "/etc/baddomains"
acl badurls url_regex "/etc/badurls"
http_access deny baddomains
http_access deny badurls

asl:/var/chroot-squid/etc # ls -la bad*
-rw-r--r--   1 root     root           53 Jul 23 11:08 baddomains
-rw-r--r--   1 root     root           17 Jul 24 08:06 badurls
-------------------------

Tested with Squid 2.2 home PC
and 2.3, ASL 1.920

This was the last thing I could do for you

o|iver
Cancel
Vote Up 0 Vote Down

Cancel
0 Octavia over 23 years ago in reply to oliver.desch

Hi Pierluigi,

you need an "-i" before use of a filename (blacklist):

example:
--------
acl porn_block url_regex -i "/etc/squid/porn.block.txt"
acl unblock url_regex -i "/etc/squid/sites.unblock.txt"

http_access deny porn_block !unblock

---------

File location is relative to chroot, (/var/chroot-squid/)

I have also compiled SquidGuard as an redirector in conjunction with ASL, if you have a large blacklist with over 100 000 records, SquidGuard is preferred because of less use of memory and faster access to large database-files.
Look at http://www.squidguard.org/

(I tried out squid with over 100000 records, without any success even with 128 MB RAM, its slow....ASL started to jam me with emails [;)]sk)

Jesred (add a list of hostnames you may already have to redirect.rules), example:
cat list-of-banned-sites \
| sed -e "s/\./\\./g" \
| awk '{ print "regex ^(http://" $1 "/.*) http://www.example.com/cgi-bin/na?url=\1" }' \
>> /var/chroot-squid/etc/redirect.rules

Make a backup of originale redirect.rules file [;)] !!
Cancel
Vote Up 0 Vote Down

Cancel