Hi !
Something that could help you because it's simplier (IMHO) to manage
ACLs, is SquidGuard.
I use it and find it Extremely good.
Matching a rule with or without excerptions, is just a matter of typing
the word/url/address you are considering to ban/allow.
Regards
Valter
Reale Marco wrote:
Why confused?
Becuase this morning I discovered that the word causing "access denied" is "Pene"; this word is contained in acl "bad_word_content_type":
acl bad_word_content_type url_regex -i sesso culo culi tette nudo nuda seno seni PENE cazzo cazzi teen figa webtv streaming tvgratis
Reading log you can see:
2006/11/16 12:41:44| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TTJV2/$file/banner_vialomellina2.gif is ALLOWED, because it matched 'DomainUsers'
2006/11/16 12:41:44| The reply for GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TTJV2/$file/banner_vialomellina2.gif is ALLOWED, because it matched 'all'
2006/11/16 12:41:44| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VKNZM/$file/banner_dirittiinfanzia.gif is ALLOWED, because it matched 'DomainUsers'
2006/11/16 12:41:44| The reply for GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VKNZM/$file/banner_dirittiinfanzia.gif is ALLOWED, because it matched 'all'
2006/11/16 12:41:44| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VDMS9/$file/multe1.gif is DENIED, because it matched 'Proxy_Internet_Ts'
2006/11/16 12:41:44| The reply for GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VDMS9/$file/multe1.gif is ALLOWED, because it matched 'Proxy_Internet_Ts'
2006/11/16 12:41:44| The request GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TDA43/$file/mozart.gif is DENIED, because it matched 'Proxy_Internet_Ts'
2006/11/16 12:41:44| The reply for GET http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TDA43/$file/mozart.gif is ALLOWED, because it matched 'Proxy_Internet_Ts'
2006/11/16 12:41:44| The request GET http://www.comune.milano.it/home/css/home.css is ALLOWED, because it matched 'DomainUsers'
..............
..............
Is possibile to have in access.log "blocked by bad_word_content_type" acl? Or something similar?
Reading log I see ALLOWED,DENY,ALLOWED,DENY....but this didn't help me. Also because, for example, "DENIED, because it matched 'Proxy_Internet_Ts'" apparently doesn't have any sense (at least in this case)
Thanks
-----Messaggio originale-----
Da: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
Inviato: giovedì 16 novembre 2006 18.07
A: Reale Marco
Cc: squid-users@xxxxxxxxxxxxxxx
Oggetto: Re: Squid: What is wrong in myacl????
tor 2006-11-16 klockan 16:59 +0100 skrev Reale Marco:
I'll briefly try to explain:
1) visiting www.comune.milano.it the user/credential pop-up was shown
to me I tried to increase debug_option but it didn't help me because
log was confused
In what sense was it confused?
"The request .. is DENIED because it matched acl XXX" says the last acl on the http_access line which denied access. or the first encountered acl requiring authentication if the request was not authenticated.
"The reply for .." lines says what happened in http_reply_access.
Regards
Henrik
