Search squid archive

RE: Help in ACL Configuration using three rules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I've done the same thing far to many times and it drove me nuts trying
to find it.

J

-----Original Message-----
From: Sergio Chavarri [mailto:sergio_chavarri@xxxxxxxxx] 
Sent: Monday, May 29, 2006 5:57 PM
To: Jason Staudenmayer; squid-users@xxxxxxxxxxxxxxx
Subject: RE:  Help in ACL Configuration using three rules


Thank you Jason for the advice. Its works!
Sergio

--- Jason Staudenmayer <jasons@xxxxxxxxxxxxxxxxxxxxx>
wrote:

> This looks like your problem
> >http_access deny BlockExt                        
> >
> >#Allow specialdomain without BlockExt
> >http_access deny BlockExt !specialdomain
> >
> You have a deny all first remove that first one and
> try it again.
> 
> Jason
> 
> -----Original Message-----
> From: Sergio Chavarri
> [mailto:sergio_chavarri@xxxxxxxxx] 
> Sent: Monday, May 29, 2006 3:09 PM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject:  Help in ACL Configuration
> using three rules
> 
> 
> Hi everyone,
> After made a research in squid database, maybe
> something is missing and I would like a feedback of
> this configuration
> 
> I am trying to create an access list with "denied
> sites" and denied extension format, like mp3, exe
> 
> But, at the same time I would like to allow a
> special
> list (domains) to access without restrictions (mp3,
> exe)
> 
> Actually, I can deny a list of sites and deny an
> extension list(mp3,exe) at the same time, but It
> doesn't work to allow without restriction the
> special
> list.
> 
> Please, take a look in the next lines and let me
> know
> my mistakes in order to implement them.
> 
> Thanks a lot. Sergio
> 
> # Proxy port - 
> http_port 8080
> 
> # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION
> ALGORITHM 
> #       #                                       
> proxy
>  icp                 
> #       #          hostname             type    
> port 
>  port  options       
> #       #          -------------------- --------
> -----
> -----  -----------   
> cache_peer      proxy.mysite.com    parent    8080 0
> default no-query allow-miss login=PASS
> 
> #  TAG: hierarchy_stoplist   
> hierarchy_stoplist cgi-bin ?  
> 
> #  TAG: no_cache  
> acl QUERY urlpath_regex cgi-bin \?  
> no_cache deny QUERY
> 
> #  TAG: cache_mem       (bytes)
> cache_mem 64 MB
> 
> #  TAG: cache_dir    
> cache_dir ufs /var/spool/squid 1000 64 256
> 
> #  TAG: auth_param
> auth_param basic children 5                         
>  
>         
> auth_param basic realm Squid proxy-caching web
> server 
>         
> auth_param basic credentialsttl 2 hours             
>  
>         
>                                                     
>  
>         
> #  TAG: refresh_pattern
> #Suggested default:                                 
>  
>        
> refresh_pattern ^ftp:           1440    20%    
> 10080 
>        
> refresh_pattern ^gopher:        1440    0%      1440
>  
>        
> refresh_pattern .               0       20%     4320
>  
>        
> 
> 
> # ACCESS CONTROLS
> #  TAG: acl  
> # Local networks with "C" IP class: office1,office2,
> office3
> acl office1 src 7.24.10.0/24
> acl office2 src 7.24.50.0/24
> acl office3 src 7.24.60.0/24
> 
> acl SSL_ports port 443 563 8143
> 
> acl Safe_ports port 80          # http              
>  
>          
> acl Safe_ports port 21          # ftp               
>  
>          
> acl Safe_ports port 443 563     # https, snews      
>  
>          
> acl Safe_ports port 70          # gopher            
>  
>          
> acl Safe_ports port 210         # wais              
>  
>          
> acl Safe_ports port 1025-65535  # unregistered ports
>  
>          
> acl Safe_ports port 280         # http-mgmt         
>  
>          
> acl Safe_ports port 488         # gss-http          
>  
>          
> acl Safe_ports port 591         # filemaker         
>  
>          
> acl Safe_ports port 777         # multiling http    
>  
>          
> acl CONNECT method CONNECT                          
>  
>          
> 
> # acl deny for web radio stream - 
> acl webRadioReq1 req_mime_type -i ^video/x-ms-asf$  
>  
>                  
> acl webRadioReq2 req_mime_type -i
> ^application/vnd.ms.wms-hdr.asfv1$    
> acl webRadioReq3 req_mime_type -i
> ^application/x-mms-framed$            
>  
> acl WMP browser Windows-Media-Player/*              
>  
>                                                     
>  
>                                  
> 
> # acl deny for extensions                           
>  
>                          
> acl BlockExt url_regex -i \.mp3$ \.asx$ \.wma$
> \.wmv$
> \.avi$ \.mpeg$ \.mpg$ \.qt
> $ \.ram$ \.rm$ \.iso$ \.wav$ \.exe$                 
>  
>                          
> 
> #Special domain without restriction (exe, mp3..)
> acl specialdomain dstdomain <
> /etc/squid/specialdomain
> >
> 
> 
> # Access deny for Web radio /Stream  
> http_access deny WMP all                         
> http_access deny webRadioReq1 all                
> http_access deny webRadioReq2 all                
> http_access deny webRadioReq3 all                
>                                                  
> http_reply_access deny webRadioRep1 all          
> http_reply_access deny webRadioRep2 all          
> http_reply_access deny webRadioRep3 all          
>                                                  
> http_access deny BlockExt                        
> 
> #Allow specialdomain without BlockExt
> http_access deny BlockExt !specialdomain
> 
> #Extension for domain & path            
> #Extension List using files AAA     
> acl deniedsites  url_regex "/etc/squid/deniedsites"
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> 
=== message truncated ===


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux