>those won't do anything, use http_reply_access instead of http_access,
>to deal with mime-types
I attached "partial acl" to this email only for example, infact in real
squid.conf there is also http_reply_access to deal with deal mime-types.
But do you suggest to use both https_access and http_reply_access, or only
http_access directive ?
> acl nosoundnovid rep_mime_type audio video
This acl 'rep_mime_type audio video' contains all mime type of video audio
streams ?! I have to add ' req_mime_type audio video' too ?
>are you sure that you need to filter requests instead of reply here ?
I answered you in first point.
-----Messaggio originale-----
Da: Erwann PENCREACH [mailto:erwann.pencreach_at_ch-chaumont.fr]
Inviato: Friday, August 14, 2009 8:12 AM
A: squid-users_at_squid-cache.org
Oggetto: Re: [squid-users] acl order
Hi
Riccardo Castellani a écrit :
> If create these entries in squid.conf:
>
> acl wwwebay dstdomain www.ebay.com
> acl wwwcons dstdomain demo.consortium.com
> acl emmepitre url_regex ^http://.*\.mp3
> acl msnmessq req_mime_type -i ^application/x-msn-messenger$
> acl msnmessp rep_mime_type -i ^application/x-msn-messenger$
> acl audiosp rep_mime_type -i ^audio/wav$
> acl videosp req_mime_type -i ^application/x-shockwave-flash$
> acl streaming_mediap rep_mime_type ^video/x-ms-asf
> acl streaming_mediap rep_mime_type ^audio/mpeg
> acl streaming_mediap rep_mime_type ^audio/x-scpls
> acl streaming_mediap rep_mime_type ^video/x-flv
>
> http_access allow user2
> http_access allow user3
> http_access deny msnmessp
> http_access deny audiosp
> http_access deny videosp
> http_access deny streaming_mediap
>
those won't do anything, use http_reply_access instead of http_access,
to deal with mime-types
http_access allow user1 wwwebay
> http_access allow user1 wwwcons
> http_access deny wwwebay
> http_access allow user4
> ...
> ...
> ...
> http_access allow user100
> http_access deny all
> #
> http_reply_access allow user2
> http_reply_access allow user3
> http_reply_access deny msnmessp
> http_reply_access deny audiosp
> http_reply_access deny videosp
> http_reply_access deny streaming_mediap
> http_reply_access allow all
>
>
> In this case, I'd like:
>
> user2+3 can access to everything.
> User1 can access only to www.ebay.com
> User4 to user 100 can access everything except msnmessp, audiosp, videosp,
> streaming_mediap, wwwebay, wwwcons.
>
>
> What's order on which rules are scanned from squid ?
from top to bottom
> What do you think about my schema criteria ?
- your audio and video filtering are not exaustive, I prefer using :
acl nosoundnovid rep_mime_type audio video
- are you sure that you need to filter requests instead of reply here ?
acl msnmessq req_mime_type -i ^application/x-msn-messenger$
acl videosp req_mime_type -i ^application/x-shockwave-flash$
>
> --
> Ce courrier électronique a été vérifié et est exempt de virus connus à ce
jour.
> Contactez votre administrateur pour plus de renseignement.
> postmaster_at_ch-chaumont.fr
-- Ce courrier ÿlectronique a ÿtÿ vÿrifiÿ et est exempt de virus connus ÿ ce jour. Contactez votre administrateur pour plus de renseignement. postmaster_at_ch-chaumont.frReceived on Fri Aug 14 2009 - 08:22:14 MDT
This archive was generated by hypermail 2.2.0 : Sat Aug 15 2009 - 12:00:02 MDT