> > >>> Hi Group, >>> >>> I am using squid to block pretty much all web access other than >>> work-related sites. However, I need to open up some of the popular >>> webmail sites. > >>Um, can you see the self-contradiction in that? popular webmail sites are > naturally non-work. If you operate via >email you should have company > servers to handle that. > > Well, we don't. And that is a whole other can of worms that doesn't need > to > be opened on this forum. > >>> >>> I was able to get hotmail work properly with the following ACL. But I >>> am having problems with gmail.com and mail.yahoo. >>> >>> acl WebmailSites dstdomain >>> .ard.yahoo.com >>> .login.yahoo.com >>> .mail.yahoo.com >>> .gmail.com >>> .mail.google.com >>> .google.com/accounts >>> .google.ca/accounts > >>These are NOT dstdomain. >>dstdoman is quite naturally ONLY a _domain_ . >>The /acounts is an URI. > > Thank-you. I'll experiment with that. > >>> .hotmail.com >>> .live.com >>> .passport.com >>> >>> For the gmail site, it won't seem to take the two /accounts entries at >>> all. >>> >>> The yahoo site partially works, but I get 'unable to load javascript' >>> errors. > >>Which would be natural if the javascript sub-includes are located > elsewhere. > > So my best bet is to scan all http headers when logging in, reading mail, > and logging out? And then include any and all unique domains and > subdomains > in the acl? Essentially yes. With some exceptions where the . wildcard is suitable as you use above. Amos > >>> >>> Has anyone got these to work? Care to share your ACL's with me? >>> >>> Thanks in advance! >>> >>> >>> Davan Wong >>> > >>Amos > > > >
