Ray Phillips ha scritto:
I'm using squid on a NetBSD/i386 2.0F machine:
% ./squid --version
Squid Cache: Version 2.5.STABLE5-20040626
configure options: --enable-cache-digests --enable-snmp
--enable-storeio=diskd,ufs --enable-removal-policies
I've attempted to block access to URLs like this:
http://a310.v114492.c11449.g.vm.akamaistream.net/7/310/11449/v0001/msnmusicstrm.download.akamai.com/12336/BFHJ23HZ/Prod/wma/v9/Audio/00/05/15/100150500.wma?
using these ACLs:
acl BAD_FILES2 urlpath_regex -i \.wma\??$
http_access deny BAD_FILES3
acl BAD_URL4 url_regex -i \.wma\??$
http_access deny BAD_URL4
both of which are active at present.
When I try to access this URL with a Web browser it is blocked but
access.log shows many successful accesses from other machines, e.g.:
1121737201.148 199062 192.168.37.147 TCP_MISS/200 524897 GET
http://a792.v114496.c11449.g.vm.akamaistream.net/7/792/11449/v0001/msnmusicstrm.download.akamai.com/12336/BFHJ23HZ/Prod/wma/v9/Audio/73/18/51/4511873.wma?
- TIMEOUT_FIRST_UP_PARENT/proxy1.uq.edu.au application/x-mms-framed
1121737202.645 1491 192.168.37.147 TCP_MISS/200 502 POST
http://a792.v114496.c11449.g.vm.akamaistream.net/7/792/11449/v0001/msnmusicstrm.download.akamai.com/12336/BFHJ23HZ/Prod/wma/v9/Audio/73/18/51/4511873.wma?
- FIRST_PARENT_MISS/proxy2.uq.edu.au -
I've also tried these ACLs:
acl BAD_FILES2 urlpath_regex -i \.wma$
acl BAD_FILES2 urlpath_regex -i \.wma\?$
The former works for URLs ending in .wma as you'd expect, but the
latter didn't block ones ending with .wma?
Could you point out where I'm going wrong please?
Ray
Perhaps they do not end with ".wma?". It looks like you have TAG
strip_query_terms on, and you can not see the end of the url.
Matteo Villari
