Hi
Riccardo Castellani a écrit :
If create these entries in squid.conf:
acl wwwebay dstdomain www.ebay.com
acl wwwcons dstdomain demo.consortium.com
acl emmepitre url_regex ^http://.*\.mp3
acl msnmessq req_mime_type -i ^application/x-msn-messenger$
acl msnmessp rep_mime_type -i ^application/x-msn-messenger$
acl audiosp rep_mime_type -i ^audio/wav$
acl videosp req_mime_type -i ^application/x-shockwave-flash$
acl streaming_mediap rep_mime_type ^video/x-ms-asf
acl streaming_mediap rep_mime_type ^audio/mpeg
acl streaming_mediap rep_mime_type ^audio/x-scpls
acl streaming_mediap rep_mime_type ^video/x-flv
http_access allow user2
http_access allow user3
http_access deny msnmessp
http_access deny audiosp
http_access deny videosp
http_access deny streaming_mediap
those won't do anything, use http_reply_access instead of http_access,
to deal with mime-types
http_access allow user1 wwwebay
http_access allow user1 wwwcons
http_access deny wwwebay
http_access allow user4
...
...
...
http_access allow user100
http_access deny all
#
http_reply_access allow user2
http_reply_access allow user3
http_reply_access deny msnmessp
http_reply_access deny audiosp
http_reply_access deny videosp
http_reply_access deny streaming_mediap
http_reply_access allow all
In this case, I'd like:
user2+3 can access to everything.
User1 can access only to www.ebay.com
User4 to user 100 can access everything except msnmessp, audiosp, videosp,
streaming_mediap, wwwebay, wwwcons.
What's order on which rules are scanned from squid ?
from top to bottom
What do you think about my schema criteria ?
- your audio and video filtering are not exaustive, I prefer using :
acl nosoundnovid rep_mime_type audio video
- are you sure that you need to filter requests instead of reply here ?
acl msnmessq req_mime_type -i ^application/x-msn-messenger$
acl videosp req_mime_type -i ^application/x-shockwave-flash$
--
Ce courrier électronique a été vérifié et est exempt de virus connus à ce jour.
Contactez votre administrateur pour plus de renseignement.
postmaster@xxxxxxxxxxxxxx
--
Ce courrier ÿlectronique a ÿtÿ vÿrifiÿ et est exempt de virus connus ÿ ce jour.
Contactez votre administrateur pour plus de renseignement.
postmaster@xxxxxxxxxxxxxx
begin:vcard
fn:Erwann Pencreach
n:Pencreach;Erwann
org:Centre Hospitalier de Chaumont;Service Informatique
adr;dom:;;2 rue Jeanne D'arc;Chaumont;;52000
email;internet:erwann.pencreach@xxxxxxxxxxxxxx
title:Technicien Informatique
tel;work:0325357321
tel;fax:0325030674
x-mozilla-html:FALSE
version:2.1
end:vcard