Craig Skinner wrote:
I'm attempting to use ACLs to block non-HTML objects from particular domains. i.e: users should be able to see the html, but not the images. Tried various forms of and always end up will all or nothing: acl suspect-domains dstdom_regex "/etc/squid/suspect-domains.acl"
please, PLEASE use dstdomain instead of regex.
acl ok-mime-types rep_mime_type -i ^text/html$ acl ok-mime-types rep_mime_type -i text/html
First match falls inside the second. One of them is redundant.
# 1 #http_access allow ok-mime-types #http_access allow suspect-domains
allow mime types + allow suspect domains --- you wanted blocking. no blocking there.
# 2 #http_access allow suspect-domains ok-mime-types
better, and should work if you have no other allows' involving suspect-domains.
# 3 #http_access deny suspect-domains !ok-mime-types #http_access allow suspect-domains
This (3) should be working. It's exactly what you specified as your requirements above. Maybe to be extra paranoid "allow suspect-domains ok-mime-types', but not strictly needed.
http_access deny all What am I missing here?
Nothing that I can see from those. It should work. What does cache.log / access.log say when (3) is used? Amos
