This looks like your problem

>http_access deny BlockExt
>
>#Allow specialdomain without BlockExt
>http_access deny BlockExt !specialdomain
>

You have a deny all first; remove that first one and try it again.

Jason

-----Original Message-----
From: Sergio Chavarri [mailto:sergio_chavarri@xxxxxxxxx]
Sent: Monday, May 29, 2006 3:09 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Help in ACL Configuration using three rules

Hi everyone,

After doing some research in the squid database, maybe something is missing, and I would like feedback on this configuration.

I am trying to create an access list with "denied sites" and denied extension formats, like mp3, exe.

But, at the same time, I would like to allow a special list (domains) to access without restrictions (mp3, exe).

Actually, I can deny a list of sites and deny an extension list (mp3, exe) at the same time, but it doesn't work to allow the special list without restriction.

Please take a look at the next lines and let me know my mistakes in order to implement them.

Thanks a lot.

Sergio

# Proxy port -
http_port 8080

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
#
#          proxy icp
#
#          hostname type port port options
#
#          -------------------- -------- ----- ----- -----------
cache_peer proxy.mysite.com parent 8080 0 default no-query allow-miss login=PASS

# TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?

# TAG: no_cache
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# TAG: cache_mem (bytes)
cache_mem 64 MB

# TAG: cache_dir
cache_dir ufs /var/spool/squid 1000 64 256

# TAG: auth_param
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# TAG: refresh_pattern
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# ACCESS CONTROLS
# TAG: acl
# Local networks with "C" IP class: office1,office2, office3
acl office1 src 7.24.10.0/24
acl office2 src 7.24.50.0/24
acl office3 src 7.24.60.0/24

acl SSL_ports port 443 563 8143
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# acl deny for web radio stream -
acl webRadioReq1 req_mime_type -i ^video/x-ms-asf$
acl webRadioReq2 req_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
acl webRadioReq3 req_mime_type -i ^application/x-mms-framed$
acl WMP browser Windows-Media-Player/*

# acl deny for extensions
acl BlockExt url_regex -i \.mp3$ \.asx$ \.wma$ \.wmv$ \.avi$ \.mpeg$ \.mpg$ \.qt$ \.ram$ \.rm$ \.iso$ \.wav$ \.exe$

#Special domain without restriction (exe, mp3..)
acl specialdomain dstdomain < /etc/squid/specialdomain >

# Access deny for Web radio /Stream
http_access deny WMP all
http_access deny webRadioReq1 all
http_access deny webRadioReq2 all
http_access deny webRadioReq3 all
http_reply_access deny webRadioRep1 all
http_reply_access deny webRadioRep2 all
http_reply_access deny webRadioRep3 all

http_access deny BlockExt

#Allow specialdomain without BlockExt
http_access deny BlockExt !specialdomain

#Extension for domain & path
#Extension List using files AAA
acl deniedsites url_regex "/etc/squid/deniedsites"
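
An added example, not part of either message: a small Python model of how Squid evaluates http_access lines (top to bottom, first line whose ACLs all match decides), run against the two rules discussed in this thread. The domain names, the shortened BlockExt list, the contents of the specialdomain list and the final "allow all" line are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed ACL definitions modelled on the posted config (shortened list;
# the contents of the specialdomain file are an assumption).
ACLS = {
    "BlockExt": ("url_regex", [r"\.mp3$", r"\.exe$"]),
    "specialdomain": ("dstdomain", [".example.org"]),
    "all": ("src", ["0.0.0.0/0"]),
}

def acl_matches(name, url):
    kind, values = ACLS[name]
    if kind == "url_regex":          # -i: case-insensitive match on the URL
        return any(re.search(v, url, re.I) for v in values)
    if kind == "dstdomain":          # leading dot also matches subdomains
        host = (urlsplit(url).hostname or "").lower()
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    return True                      # "all" matches every client

def http_access(rules, url):
    """Return (action, rule) for the first rule whose ACLs all match."""
    for rule in rules:
        action, *names = rule.split()[1:]
        # ACLs on one line are ANDed; a leading "!" negates that ACL
        if all(acl_matches(n.lstrip("!"), url) != n.startswith("!") for n in names):
            return action, rule
    # No line matched: Squid applies the opposite of the last line's action
    last = rules[-1].split()[1]
    return ("allow" if last == "deny" else "deny"), None

POSTED = ["http_access deny BlockExt",
          "http_access deny BlockExt !specialdomain",
          "http_access allow all"]       # final allow is assumed, not in the post
REORDERED = POSTED[1:]                   # the unconditional deny removed

def decisions(rules):
    urls = ["http://dl.example.org/tool.exe",     # exempt domain, blocked type
            "http://other.example.net/song.MP3",  # ordinary domain, blocked type
            "http://other.example.net/index.html"]
    return [http_access(rules, u)[0] for u in urls]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, decisions(rules))
```

With the posted order, the exempt domain is denied by the first line before the `!specialdomain` line is ever consulted; with that line removed, only requests outside the exempt list are denied.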