Hi,

Currently I am writing a website which will be capable of managing a whitelist for squid. It is almost finished and uses php/mysql and ldap for authentication. When I put it online I will notify anyone who is interested. A preview can be seen on http://cc.jct.ac.il/~elyahyu/projects/odp/ however it has slightly limited functionality* as that server is not allowed 'out'. (for user-rights: test/test, for admin-rights: demo/demo)

Anyhow, I have a few questions about the syntax of acls... (I use the debian build of Squid2.5STABLE12)

The situation is as follows: I have decided that we are using "dstdomain" and not "regex_url -i" as the type of acl for the whitelist, as the second one will actually allow "http://whatever.com?blah=someallowedwebsite.com" to go through. Even though all the css and images won't come through, the potential of abuse is not welcome by us.

For certain sites we want to block images/multimedia content. At this point my acl looks like this:

    site.com.*\.jpg
    site.com.*\.gif
    site.com.*\.swf

This can definitely be done on one line, but I have not succeeded in implementing it on one line. Also, is there a way to block according to mime-type instead of having to add every single extension to the file?

The relevant part in squid.conf is:

    acl noPics url_regex -i "/etc/squid/nopics"
    http_access deny noPics
    # limit list of sites
    acl permitted_sites dstdomain "/etc/squid/permitted"
    http_access allow permitted_sites
    http_access deny all

Thank you very much,
Eliyahu S. Rosenberg

* limited functionality actually in this case means that you can't request or add websites. This is due to the fact that I have a script which actually checks if the requested/added url is a working/real url by checking the HTTP-response; it also warns if the website was moved (HTTP-code 30x), but as this server cannot run such code this script will always fail. I will soon put up a demo in a different location.
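
The difference between the two whitelist ACL types described in the message above, as an added example that is not part of the original post: a simplified Python model that compares an unanchored, case-insensitive regex matched against the whole URL with a dstdomain-style match on the host name only. The function names and whitelist entries are assumptions made for illustration; the real matching is done by Squid itself.

```python
import re
from urllib.parse import urlsplit

# Constructed whitelist entries, built from the domain in the post's own example URL.
REGEX_ENTRIES = [r"someallowedwebsite\.com"]      # pattern file for a URL-regex ACL
DSTDOMAIN_ENTRIES = [".someallowedwebsite.com"]   # leading dot: the domain and its subdomains

def regex_whitelist_allows(url, entries=REGEX_ENTRIES):
    """Model of an unanchored, case-insensitive regex tested against the full URL."""
    return any(re.search(p, url, re.IGNORECASE) for p in entries)

def dstdomain_allows(url, entries=DSTDOMAIN_ENTRIES):
    """Model of a dstdomain whitelist: only the destination host is compared."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for entry in entries:
        entry = entry.lower()
        if entry.startswith("."):
            # ".example.com" covers example.com and any subdomain of it
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def compare(urls):
    """Return (url, regex_verdict, dstdomain_verdict) for each URL."""
    return [(u, regex_whitelist_allows(u), dstdomain_allows(u)) for u in urls]

# Constructed sample requests; the third is the URL quoted in the post.
SAMPLE_URLS = [
    "http://someallowedwebsite.com/index.html",
    "http://www.someallowedwebsite.com/",
    "http://whatever.com?blah=someallowedwebsite.com",
    "http://notsomeallowedwebsite.com/",
]

if __name__ == "__main__":
    for url, by_regex, by_domain in compare(SAMPLE_URLS):
        print(f"{url:50} regex={by_regex!s:5} dstdomain={by_domain}")
```

The regex model accepts any URL that merely contains the whitelisted name, whether in the query string or as the tail of a longer host name, while the host-only comparison rejects both.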