Search squid archive

R: [squid-users] acl order

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>those won't do anything, use http_reply_access instead of http_access, 
>to deal with mime-types

I attached "partial acl" to this email only for example, infact in real
squid.conf there is also http_reply_access to deal with deal mime-types.
But do you suggest to use both https_access and http_reply_access, or only
http_access directive ?


> acl nosoundnovid rep_mime_type audio video

This acl 'rep_mime_type audio video' contains all mime type of video audio
streams ?! I have to add ' req_mime_type audio video' too ?

>are you sure that you need to filter requests instead of reply here ?

I answered you in first point.



-----Messaggio originale-----
Da: Erwann PENCREACH [mailto:erwann.pencreach@xxxxxxxxxxxxxx] 
Inviato: Friday, August 14, 2009 8:12 AM
A: squid-users@xxxxxxxxxxxxxxx
Oggetto: Re:  acl order

Hi

Riccardo Castellani a écrit :
> If create these entries in squid.conf:
> 
> acl wwwebay dstdomain www.ebay.com
> acl wwwcons dstdomain demo.consortium.com
> acl emmepitre url_regex ^http://.*\.mp3
> acl msnmessq req_mime_type -i ^application/x-msn-messenger$
> acl msnmessp rep_mime_type -i ^application/x-msn-messenger$
> acl audiosp rep_mime_type -i ^audio/wav$
> acl videosp req_mime_type -i ^application/x-shockwave-flash$
> acl streaming_mediap rep_mime_type ^video/x-ms-asf
> acl streaming_mediap rep_mime_type ^audio/mpeg
> acl streaming_mediap rep_mime_type ^audio/x-scpls
> acl streaming_mediap rep_mime_type ^video/x-flv
> 
> http_access allow user2
> http_access allow user3


> http_access deny msnmessp
> http_access deny audiosp
> http_access deny videosp
> http_access deny streaming_mediap
> 
those won't do anything, use http_reply_access instead of http_access, 
to deal with mime-types

http_access allow user1 wwwebay
> http_access allow user1 wwwcons
> http_access deny wwwebay
> http_access allow user4
> ...
> ...
> ...
> http_access allow user100
> http_access deny all
> #
> http_reply_access allow user2
> http_reply_access allow user3
> http_reply_access deny msnmessp
> http_reply_access deny audiosp
> http_reply_access deny videosp
> http_reply_access deny streaming_mediap
> http_reply_access allow all
> 
> 
> In this case, I'd like:
> 
> user2+3 can access to everything.
> User1 can access only to www.ebay.com
> User4 to user 100 can access everything except msnmessp, audiosp, videosp,
> streaming_mediap, wwwebay, wwwcons.
> 
> 
> What's order on which rules are scanned from squid ?
from top to bottom
> What do you think about my schema criteria ?
- your audio and video filtering are not exaustive, I prefer using :

acl nosoundnovid rep_mime_type audio video


- are you sure that you need to filter requests instead of reply here ?

acl msnmessq req_mime_type -i ^application/x-msn-messenger$
acl videosp req_mime_type -i ^application/x-shockwave-flash$


> 
> --
> Ce courrier électronique a été vérifié et est exempt de virus connus à ce
jour.
> Contactez votre administrateur pour plus de renseignement.
> postmaster@xxxxxxxxxxxxxx


--
Ce courrier ÿlectronique a ÿtÿ vÿrifiÿ et est exempt de virus connus ÿ ce
jour.
Contactez votre administrateur pour plus de renseignement.
postmaster@xxxxxxxxxxxxxx
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux