Answer to question 1:
You have to place allowed_url or allowed_dstdomain above blocked_url on the http_access rule:

http_access allow allowed_url
http_access allow allowed_dstdomain
http_access deny blocked_url

Answer to question 2:
Try using ftp_user anonymous.
Actually I don't like using Squid for proxying FTP connections; I also have some problems logging in to some FTP servers.

regards,
Pudjo@indonesia

--- Andreas Woll <woll.andreas@xxxxxx> wrote:

> I've got a SQUID running on Windows 2000 Server [SQUIDNT 2.5 Stable 9] with
> DSL-Line.
> Normally the system is very performant and working fine, but I've
> encountered two problems:
>
> 1. I've implemented a blocking acl (blocked_url) and it worked fine, but
> some special addresses (allowed_url) to be accessible are still blocked.
> Is it possible to build a junction between these two acls to get access
> to special addresses and all non-blocked?
> For example:
> sex is blocked and msexchangefaq.de is allowed.
>
> 2. I've got performance problems with ftp downloads especially from hp.com
> There are normal ftp links but it takes quite a long time for squid to
> start serving the request.
>
> here is the squid.conf.
>
> http_port 3128
> hierarchy_stoplist cgi-bin ?
> cache_dir ufs E:/Squid/cache 20000 16 256
> mime_table E:/Squid/etc/mime.conf
> pid_filename E:/Squid/log/squid.pid
> dns_nameservers IP1 IP2
> ftp_user user@SquidNT
> diskd_program E:/Squid/libexec/diskd.exe
> unlinkd_program E:/Squid/libexec/unlinkd.exe
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> refresh_pattern ftp: 1440 20Percent 10080
> refresh_pattern gopher: 1440 0Percent 1440
> refresh_pattern . 0 20Percent 4320
> visible_hostname SquidNT
> icon_directory E:/Squid/share/icons
> error_directory E:/Squid/share/errors/english
> coredump_dir E:/Squid/cache
> cache_access_log E:/Squid/log/access.log
> cache_log E:/Squid/log/cache.log
> cache_store_log none
> emulate_httpd_log off
> client_netmask 0.0.0.0 # anonymization of the clients
> log_fqdn off
> log_mime_hdrs off
> acl QUERY urlpath_regex cgi-bin \?
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl CORP-NET src "Range 1"
> acl CORP-NET src "Range 2"
> acl CORP-NET src "Range 3"
> acl CORP-NET src "Range 4"
> acl CORP-NET src "Range 5"
> acl CORP-NET src "Range 6"
> acl VPN-ACCESS src "Range 7"
> acl streaming rep_mime_type ^video/x-ms-asf ^video/x-ms-sf ^audio/mpeg ^audio/x-mpeg ^audio/x-pn-realaudio ^audio/x-pn-realaudio-plugin ^application/x-mms-framed ^application/vnd.ms.wms-hdr.asfv1
> acl block_stream urlpath_regex \.(ra?m|ra|rpm|mpe?g?|mov|m3u|pls|ivf|asf|asx|avi|wax|wma|wmv|wvx|wmp|wmx|m1v|mp2|mp3|mpa|mpe|mpv2)($|\?)
> acl blocked_url url_regex "E:/Squid/etc/squid-block.acl"
> acl allowed_url url_regex "E:/Squid/etc/squid-allow.acl"
> no_cache deny QUERY
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow CORP-NET
> http_access allow VPN-ACCESS
> http_access deny blocked_url
> http_access deny all
> http_reply_access deny block_stream
> http_reply_access deny streaming
> http_reply_access allow CORP-NET
> http_reply_access allow VPN-ACCESS
> http_reply_access deny blocked_url
> http_reply_access deny all
> icp_access deny all
> snmp_access deny all
>
> I would appreciate your help.
> Thank you.
>
> Andreas
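Added example, not part of the thread and not Squid's own code: a small Python model of the first-match evaluation of http_access lines that the answer relies on, showing why the unanchored pattern "sex" also hits msexchangefaq.de and how rule order decides the outcome. The ACL file contents, the sample URLs, the helper names and the pairing of the exception with CORP-NET are assumptions made for this sketch.

```python
import re

def url_regex(*patterns):
    # url_regex is case-sensitive by default and matches anywhere in the URL
    return lambda req: any(re.search(p, req["url"]) for p in patterns)

# Constructed ACL definitions; the real squid-block.acl / squid-allow.acl
# contents are not shown in the thread.
ACLS = {
    "all": lambda req: True,
    "CORP-NET": lambda req: req["internal"],     # stands in for the src ranges
    "blocked_url": url_regex("sex"),
    "allowed_url": url_regex(r"msexchangefaq\.de"),
}

def http_access(rules, req):
    """First matching line wins; every ACL named on a line must match (AND)."""
    for action, names in rules:
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    # With no matching line, Squid applies the opposite of the last line.
    return "allow" if rules[-1][0] == "deny" else "deny"

def decide(rules, url, internal=True):
    return http_access(rules, {"url": url, "internal": internal})

# Deny line first: the exception below it is never reached.
BLOCK_BEFORE_ALLOW = [
    ("deny", ["blocked_url"]),
    ("allow", ["CORP-NET", "allowed_url"]),
    ("allow", ["CORP-NET"]),
    ("deny", ["all"]),
]

# Exception first, as the answer suggests. Tying it to CORP-NET (assumption)
# keeps the exception from admitting clients outside the internal ranges.
ALLOW_BEFORE_BLOCK = [
    ("allow", ["CORP-NET", "allowed_url"]),
    ("deny", ["blocked_url"]),
    ("allow", ["CORP-NET"]),
    ("deny", ["all"]),
]

if __name__ == "__main__":
    for name, rules in (("block first", BLOCK_BEFORE_ALLOW),
                        ("allow first", ALLOW_BEFORE_BLOCK)):
        for url in ("http://www.msexchangefaq.de/", "http://sex.example/",
                    "http://www.example.org/"):
            print(f"{name:12} {url:30} {decide(rules, url)}")
```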