Hide Forgot
Description of problem: The arp acl type doesn't work. Version-Release number of selected component (if applicable): squid-3.3.8-26 How reproducible: 100% Steps to Reproduce: 1. Configure squid with an "acl foo arp ..." 2. Add foo to an http_access denying access 3. Try to access something through the proxy Actual results: Can access the denied item Expected results: Should be denied access Additional info: The configure options in the build are missing --enable-arp-acl. I've done a local build with it enabled and it works perfectly fine.
Thank you for taking the time to report this issue to us. We appreciate the feedback and use reports such as this one to guide our efforts at improving our products. That being said, this bug tracking system is not a mechanism for requesting support, and we are not able to guarantee the timeliness or suitability of a resolution. If this issue is critical or in any way time sensitive, please raise a ticket through the regular Red Hat support channels to ensure it receives the proper attention and prioritization to assure a timely resolution. For information on how to contact the Red Hat production support team, please visit: https://www.redhat.com/support/process/production/#howto
What part of my description makes you feel like this is a support request? I don't need support. This is an RFE for a future release.
Hi Brian, according to http://wiki.squid-cache.org/SquidFaq/SquidAcl , this option should be turned on by default, without any need to explicitly define it. I'm now working on different squid issues and if there is time left, I will try to look at it and test, why this option need to be specified as option of configure script.
(In reply to Luboš Uhliarik from comment #4) > Hi Brian, Hi Luboš, > according to http://wiki.squid-cache.org/SquidFaq/SquidAcl , this option > should be turned on by default, without any need to explicitly define it. Indeed, that is what the documentation seems to indicate. But all of my testing here failed to match rules based on arp acl until I enabled it in the build explicitly. Perhaps there is an autoconf test for whether to enable it or not that is erroneously failing on EL7. > I'm now working on different squid issues and if there is time left, I will > try to look at it and test, why this option need to be specified as option > of configure script. Much appreciated. Cheers.
Hi Brian, I tried it with squid-3.3.8-25.el7.x86_64, and I didn't find any problem. Part of my squid.conf: --------------------- acl foo arp MY:MA:CA:DD:RE:SS http_access deny foo http_access allow all --------------------- After applying this configuration, squid denies me access for requested host: The following error was encountered while trying to retrieve the URL: http://google.com/ Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is root. It seems to me, squid works as expected. Where exactly do you see the problem?
This request was evaluated by Red Hat Engineering for inclusion in a Red Hat Enterprise Linux maintenance release. As this bug has been in NEEDINFO for an extended period of time we are going to close this bug due to inactivity. If you would like to pursue this matter feel free to reopen this bug and attach the needed information. With the goal of minimizing risk of change for deployed systems, and in response to customer and partner requirements, Red Hat takes a conservative approach when evaluating enhancements for inclusion in maintenance updates for currently deployed products. The primary objectives of update releases are to enable new hardware platform support and to resolve critical defects. However, Red Hat will further review this request for potential inclusion in future major releases of Red Hat Enterprise Linux.