Thomas Raef wrote:
> You need to apply your acls with some deny statements.
>
> http_reply_access deny blockfiles for your mp3's, etc.
>
> To block websites I use dstdomain instead of url_regex.
>
> So my squid.conf contains:
>
> acl blocksites dstdomain "/etc/squid/squid-block.acl"
>
> http_access deny blocksites
>
>
> One other suggestion would be to block by filetype and not just file
> extension.
>
> Thomas J. Raef
> e-Based Security, LLC
> www.ebasedsecurity.com
> 1-866-838-6108
> "You're either hardened, or you're hacked!"
>
>
>> -----Original Message-----
>> From: Tarak Ranjan [mailto:tarak.ranjan@liqwidkrystal.com]
>> Sent: Thursday, November 01, 2007 2:47 AM
>> To: squid-users@squid-cache.org
>> Subject: [squid-users] transparent Proxy
>>
>> Hi List,
>> I'm new to this list. i have a question about transparent
>> proxy. if i apply an ACL for downloading mp3 and mpeg. but it's not
>> working, user's are able to download mp3 or mpeg...
>> here is my config..squid.conf file.
>>
>> port 8080
>> acl blocksites url_regex "/etc/squid/squid-block.acl"
That should be:
acl blocksites dstdomain "/etc/squid/squid-block.acl"
>>
>> "quid-block.acl"
>> .meebo.coms
>> .sex.com
>>
>> acl blockfiles urlpath_regex "/etc/squid/multimedia.files.acl"
>>
>> "multimedia.files.acl"
>> \.[Aa][Vv][Ii]$
>> \.[Mm][Pp][Gg]$
>> \.[Mm][Pp][Ee][Gg]$
>> \.[Mm][Pp]3$
you can also simplify your regex a LOT, by adding -i to the acl and
making it case insensitive.
acl blockfiles urlpath_regex -i "..."
http_access is the best to use with this, it catches things on the way
out before using up any bandwidth.
http_access deny blocksites
http_access deny blockfiles
as Thomas Raef said earlier there is also the rep_mime_type acl for
catching anything incoming that uses other file extensions (scripts etc)
Amos
Received on Thu Nov 01 2007 - 04:54:29 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:01 MST