> Thomas Raef wrote:
> > You need to apply your acls with some deny statements.
> >
> > http_reply_access deny blockfiles for your mp3's, etc.
> >
> > To block websites I use dstdomain instead of url_regex.
> >
> > So my squid.conf contains:
> >
> > acl blocksites dstdomain "/etc/squid/squid-block.acl"
> >
> > http_access deny blocksites
> >
> >
> > One other suggestion would be to block by filetype and not just file
> > extension.
> >
> >> Hi List,
> >> I'm new to this list. i have a question about transparent
> >> proxy. if i apply an ACL for downloading mp3 and mpeg. but it's not
> >> working, user's are able to download mp3 or mpeg...
> >> here is my config..squid.conf file.
> >>
> >> port 8080
> >> acl blocksites url_regex "/etc/squid/squid-block.acl"
> >
> > That should be:
> > acl blocksites dstdomain "/etc/squid/squid-block.acl"
> >
> >>
> >> "quid-block.acl"
> >> .meebo.coms
> >> .sex.com
> >
> >>
> >> acl blockfiles urlpath_regex "/etc/squid/multimedia.files.acl"
> >>
> >> "multimedia.files.acl"
> >> \.[Aa][Vv][Ii]$
> >> \.[Mm][Pp][Gg]$
> >> \.[Mm][Pp][Ee][Gg]$
> >> \.[Mm][Pp]3$
>
> you can also simplify your regex a LOT, by adding -i to the acl and
> making it case insensitive.
>
> acl blockfiles urlpath_regex -i "..."
>
> http_access is the best to use with this, it catches things on the way
> out before using up any bandwidth.
>
> http_access deny blocksites
> http_access deny blockfiles
>
> as Thomas Raef said earlier there is also the rep_mime_type acl for
> catching anything incoming that uses other file extensions (scripts etc)
>
> Amos

[Tom replied with:]

Ah yes. I recommended http_reply_access and as Amos stated correctly it should be http_access.

For the rep_mime_type acl you could use:

acl blockfile_type rep_mime_type audio/mpeg ...
http_reply_access deny blockfile_type

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
"You're either hardened, or you're hacked!"
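
The layering discussed in this thread, as an added example that is not from any of the posters and is not Squid code: a simplified Python model of the dstdomain, urlpath_regex -i and rep_mime_type checks, run over constructed requests to show what each one catches. The hosts, URLs and the case-insensitive MIME match are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Simplified model of the ACL types discussed in the thread (not Squid code).
BLOCKSITES = [".sex.com"]                                   # dstdomain entry from the thread
BLOCKFILES = [r"\.avi$", r"\.mpg$", r"\.mpeg$", r"\.mp3$"]  # urlpath_regex -i
BLOCKTYPES = [r"audio/mpeg"]                                # rep_mime_type

def dstdomain(entries, host):
    """A leading-dot entry matches the domain itself and its subdomains."""
    host = host.lower()
    for entry in (e.lower() for e in entries):
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def regex_acl(patterns, text, ignore_case=False):
    """Unanchored regex search, as the regex-based ACL types perform."""
    flags = re.IGNORECASE if ignore_case else 0
    return any(re.search(p, text, flags) for p in patterns)

def decide(url, reply_type):
    """Request-time checks (http_access) run before the reply-time check."""
    u = urlsplit(url)
    path = u.path + ("?" + u.query if u.query else "")  # assumption: path plus query
    if dstdomain(BLOCKSITES, u.hostname or ""):
        return "request denied: blocksites"
    if regex_acl(BLOCKFILES, path, ignore_case=True):
        return "request denied: blockfiles"
    if regex_acl(BLOCKTYPES, reply_type, ignore_case=True):  # assumption: -i match
        return "reply denied: blockfile_type"
    return "allowed"

# Constructed sample traffic: (URL, Content-Type of the reply).
SAMPLES = [
    ("http://www.sex.com/", "text/html"),
    ("http://www.essex-community.example/", "text/html"),
    ("http://media.example/Track01.MP3", "audio/mpeg"),
    ("http://media.example/download.php?id=7", "audio/mpeg"),
]

if __name__ == "__main__":
    for url, ctype in SAMPLES:
        print(f"{decide(url, ctype):30} {url}")
```

Used as a url_regex pattern, `.sex.com` also matches the constructed essex-community URL because each dot matches any character, which is the over-blocking that dstdomain avoids.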