This looks like your problem
>http_access deny BlockExt
>
>#Allow specialdomain without BlockExt
>http_access deny BlockExt !specialdomain
>
You have a deny all first remove that first one and try it again.
Jason
-----Original Message-----
From: Sergio Chavarri [mailto:sergio_chavarri@yahoo.com]
Sent: Monday, May 29, 2006 3:09 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Help in ACL Configuration using three rules
Hi everyone,
After made a research in squid database, maybe
something is missing and I would like a feedback of
this configuration
I am trying to create an access list with "denied
sites" and denied extension format, like mp3, exe
But, at the same time I would like to allow a special
list (domains) to access without restrictions (mp3,
exe)
Actually, I can deny a list of sites and deny an
extension list(mp3,exe) at the same time, but It
doesn't work to allow without restriction the special
list.
Please, take a look in the next lines and let me know
my mistakes in order to implement them.
Thanks a lot. Sergio
# Proxy port -
http_port 8080
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION
ALGORITHM
# # proxy
icp
# # hostname type port
port options
# # -------------------- -------- -----
----- -----------
cache_peer proxy.mysite.com parent 8080 0
default no-query allow-miss login=PASS
# TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?
# TAG: no_cache
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# TAG: cache_mem (bytes)
cache_mem 64 MB
# TAG: cache_dir
cache_dir ufs /var/spool/squid 1000 64 256
# TAG: auth_param
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
# TAG: refresh_pattern
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# ACCESS CONTROLS
# TAG: acl
# Local networks with "C" IP class: office1,office2,
office3
acl office1 src 7.24.10.0/24
acl office2 src 7.24.50.0/24
acl office3 src 7.24.60.0/24
acl SSL_ports port 443 563 8143
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# acl deny for web radio stream -
acl webRadioReq1 req_mime_type -i ^video/x-ms-asf$
acl webRadioReq2 req_mime_type -i
^application/vnd.ms.wms-hdr.asfv1$
acl webRadioReq3 req_mime_type -i
^application/x-mms-framed$
acl WMP browser Windows-Media-Player/*
# acl deny for extensions
acl BlockExt url_regex -i \.mp3$ \.asx$ \.wma$ \.wmv$
\.avi$ \.mpeg$ \.mpg$ \.qt
$ \.ram$ \.rm$ \.iso$ \.wav$ \.exe$
#Special domain without restriction (exe, mp3..)
acl specialdomain dstdomain < /etc/squid/specialdomain
>
# Access deny for Web radio /Stream
http_access deny WMP all
http_access deny webRadioReq1 all
http_access deny webRadioReq2 all
http_access deny webRadioReq3 all
http_reply_access deny webRadioRep1 all
http_reply_access deny webRadioRep2 all
http_reply_access deny webRadioRep3 all
http_access deny BlockExt
#Allow specialdomain without BlockExt
http_access deny BlockExt !specialdomain
#Extension for domain & path
#Extension List using files AAA
acl deniedsites url_regex "/etc/squid/deniedsites"
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Received on Mon May 29 2006 - 13:25:08 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT