I've done the same thing far too many times and it drove me nuts trying to find it.

J

-----Original Message-----
From: Sergio Chavarri [mailto:sergio_chavarri@xxxxxxxxx]
Sent: Monday, May 29, 2006 5:57 PM
To: Jason Staudenmayer; squid-users@xxxxxxxxxxxxxxx
Subject: RE: Help in ACL Configuration using three rules

Thank you Jason for the advice. It works!

Sergio

--- Jason Staudenmayer <jasons@xxxxxxxxxxxxxxxxxxxxx> wrote:

> This looks like your problem
> >http_access deny BlockExt
> >
> >#Allow specialdomain without BlockExt
> >http_access deny BlockExt !specialdomain
>
> You have a deny all first; remove that first one and
> try it again.
>
> Jason
>
> -----Original Message-----
> From: Sergio Chavarri [mailto:sergio_chavarri@xxxxxxxxx]
> Sent: Monday, May 29, 2006 3:09 PM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: Help in ACL Configuration using three rules
>
> Hi everyone,
> After doing some research in the Squid database, maybe
> something is missing, and I would like feedback on
> this configuration.
>
> I am trying to create an access list with "denied
> sites" and denied extension formats, like mp3, exe.
>
> But, at the same time, I would like to allow a special
> list (domains) to access without restrictions (mp3, exe).
>
> Actually, I can deny a list of sites and deny an
> extension list (mp3, exe) at the same time, but it
> doesn't work to allow the special list without restriction.
>
> Please take a look at the next lines and let me know
> my mistakes in order to implement them.
>
> Thanks a lot. Sergio
>
> # Proxy port -
> http_port 8080
>
> # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
> # #                                 proxy icp
> # # hostname             type       port  port  options
> # # -------------------- --------   ----- ----- -----------
> cache_peer proxy.mysite.com parent 8080 0 default no-query allow-miss login=PASS
>
> # TAG: hierarchy_stoplist
> hierarchy_stoplist cgi-bin ?
>
> # TAG: no_cache
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
>
> # TAG: cache_mem (bytes)
> cache_mem 64 MB
>
> # TAG: cache_dir
> cache_dir ufs /var/spool/squid 1000 64 256
>
> # TAG: auth_param
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
> # TAG: refresh_pattern
> #Suggested default:
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> # ACCESS CONTROLS
> # TAG: acl
> # Local networks with "C" IP class: office1, office2, office3
> acl office1 src 7.24.10.0/24
> acl office2 src 7.24.50.0/24
> acl office3 src 7.24.60.0/24
>
> acl SSL_ports port 443 563 8143
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> # acl deny for web radio stream -
> acl webRadioReq1 req_mime_type -i ^video/x-ms-asf$
> acl webRadioReq2 req_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
> acl webRadioReq3 req_mime_type -i ^application/x-mms-framed$
> acl WMP browser Windows-Media-Player/*
>
> # acl deny for extensions
> acl BlockExt url_regex -i \.mp3$ \.asx$ \.wma$ \.wmv$ \.avi$ \.mpeg$ \.mpg$ \.qt$ \.ram$ \.rm$ \.iso$ \.wav$ \.exe$
>
> #Special domain without restriction (exe, mp3..)
> acl specialdomain dstdomain < /etc/squid/specialdomain
>
> # Access deny for Web radio /Stream
> http_access deny WMP all
> http_access deny webRadioReq1 all
> http_access deny webRadioReq2 all
> http_access deny webRadioReq3 all
>
> http_reply_access deny webRadioRep1 all
> http_reply_access deny webRadioRep2 all
> http_reply_access deny webRadioRep3 all
>
> http_access deny BlockExt
>
> #Allow specialdomain without BlockExt
> http_access deny BlockExt !specialdomain
>
> #Extension for domain & path
> #Extension List using files AAA
> acl deniedsites url_regex "/etc/squid/deniedsites"
>
=== message truncated ===
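
The rule-ordering problem resolved in this thread, as an added example (not part of the original messages and not Squid's own code): a small Python model of how http_access lines are evaluated, showing why the unconditional `deny BlockExt` shadows the line below it. The domain `.trusted.example`, the shortened extension list and the final `allow all` line are assumptions, since the posted config is truncated and the list file's contents are not shown.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-ins for the thread's ACLs.
BLOCK_EXT = re.compile(r"\.(mp3|exe)$", re.IGNORECASE)  # subset of BlockExt
SPECIAL_DOMAINS = {".trusted.example"}                  # hypothetical specialdomain entry


def acl_matches(name, url):
    """Evaluate one named ACL against a request URL."""
    host = urlsplit(url).hostname or ""
    if name == "all":
        return True
    if name == "BlockExt":          # url_regex: tested against the whole URL
        return bool(BLOCK_EXT.search(url))
    if name == "specialdomain":     # dstdomain: leading dot also covers subdomains
        return any(host == d.lstrip(".") or (d.startswith(".") and host.endswith(d))
                   for d in SPECIAL_DOMAINS)
    raise KeyError(name)


def http_access(rules, url):
    """Top-down, first match wins. ACLs on one line are ANDed; '!' negates.
    Returns (action, deciding_line)."""
    for line in rules:
        action, *acls = line.split()[1:]
        if all(acl_matches(a.lstrip("!"), url) != a.startswith("!") for a in acls):
            return action, line
    # No line matched: Squid applies the opposite of the last line's action.
    last = rules[-1].split()[1]
    return ("allow" if last == "deny" else "deny"), None


ORIGINAL = [
    "http_access deny BlockExt",                 # matches every blocked extension first
    "http_access deny BlockExt !specialdomain",  # never reached for those requests
    "http_access allow all",                     # assumed trailing rule
]
FIXED = ORIGINAL[1:]                             # the advice given: drop the first line

if __name__ == "__main__":
    for url in ("http://files.trusted.example/tool.exe",
                "http://other.example/song.MP3",
                "http://other.example/index.html"):
        print(url, http_access(ORIGINAL, url), http_access(FIXED, url))
```
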