Bug 1330134

Summary: should add --enable-arp-acl to configure options
Product: [Fedora] Fedora Reporter: Brian J. Murrell <brian>
Component: squidAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 23CC: brian, henrik, jonathansteffan, luhliari, psimerda, qe-baseos-apps, thozza
Target Milestone: ---Flags: luhliari: needinfo? (brian)
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1329822 Environment:
Last Closed: 2016-07-18 10:29:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Brian J. Murrell 2016-04-25 12:44:40 UTC 
Description of problem:
The arp acl type doesn't work.

Version-Release number of selected component (if applicable):
squid-3.5.9-7

How reproducible:
100%

Steps to Reproduce:
1. Configure squid with an "acl foo arp ..."
2. Add foo to an http_access denying access
3. Try to access something through the proxy

Actual results:
Can access the denied item

Expected results:
Should be denied access

Additional info:
The configure options in the build are missing --enable-arp-acl.  I've done a local build of 3.3.8 on EL7 with it enabled and it works perfectly fine.
Comment 1 Luboš Uhliarik 2016-05-10 17:11:11 UTC 
Hi Brian, 

would it be suitable for you, if I turn this feature on in F24 or Rawhide?
Comment 2 Brian J. Murrell 2016-05-10 17:36:01 UTC 
Sure.  The sooner the better.  And RHEL even.  :-)
Comment 3 Luboš Uhliarik 2016-05-20 15:32:45 UTC 
Hi Brian,

finally, I had few minutes to try squid how works with ARP and I didn't experience any problem.

part of my squid.conf:

acl foo arp MY_MAC
http_access deny foo
http_access allow all

Squid works as expected. Where exactly do you see the problem?
Comment 4 Brian J. Murrell 2016-05-20 21:28:10 UTC 
Did you try on EL or Fedora?  Maybe it's working on one but not the other?
Comment 5 Luboš Uhliarik 2016-05-23 10:07:38 UTC 
Hi Brian,

server with squid installation was running RHEL 7.2, I tried to access that website from Fedora 23 (using e.g. firefox browser). 

I haven't tried it on Fedora yet, but anyway I assumed, your testing was wrong, since you filled this bug on RHEL too, but it is working there.

Could you please try to reproduce it on RHEL and give me exact steps, how did you managed it? I tried everything, but it was always working for me.
Comment 6 Luboš Uhliarik 2016-07-18 10:29:32 UTC 
Hi Brian, I'm closing this bug as NOTABUG, since it is almost 2 months, you haven't responded. 

If you think, I made a mistake feel free to reopen this bug.