On Mon, 1 Nov 2010 14:41:19 +0100, Konrado Z <konradoz@xxxxxxxxxxxxxxxx> wrote: > Hello, > Thanks for reply but I still have problem > > My all acls and http_access > acl clients 192.168.56.0/24 > acl funWebsites dstdom_regex "/etc/squid/funWebsites" > acl workingHours time M T W H F 8:00-16:00 There are not meant to be any spaces between the day letters above. The above with spaces will likely be blocking all day only on Mondays or not at all. > acl officeFiles urlpath_regex "/etc/squid/officeFiles" > > http_access deny clients workingHours funWebsites > http_access deny clients !officeFiles > http_access allow all NP: "allow all" means traffic from the entire Internet. That should be "allow clients". > > But the problem for sure is here: http_access deny clients > !officeFiles (file officeFiles is presented in the 1st post) - I have > check it. > > I want that clients have an access to the Internet but download files > only listed in the file officeFiles. But when I write > http_access deny clients !officeFiles they cannot browse any website > but can only dowloads these files given. How to write it, to give them > access to the Internet and allow them download only 4, 5 types of > files? As requested earlier: "Please list the exact fill set of patterns you are using. One of them is probably wrong." That means the exact and full content of /etc/squid/officeFiles. Sorry if I was unclear. Amos > > 2010/11/1 Amos Jeffries <squid3@xxxxxxxxxxxxx>: >> On 01/11/10 12:46, Konrado Z wrote: >>> >>> Hello, >>> >>> I have encountered a problem with ACL. I want to disable download all >>> kinds of files for subnet specified except pdf, doc, xls, txt, zip. I >>> have created officeFile file wich is shown below: >>> >>> \.[Dd][Oo][Cc]$ >>> \.[Tt][Xx][Tt]$ >>> etc. >>> >>> but, >>> >>> acl clients 192.168.56.0/24 >>> acl officeFiles urlpath_regex "/etc/squid/officeFiles" >> >> Using -i makes the pattern non-case-sensitive. >> acl officeFiles urlpath_regex -i \.(doc|txt)$ >> >> >>> >>> and >>> >>> http_access deny clients !officeFiles >>> http_access allow all #It has to be here because it is the last line >>> in my config which is associated with other ACLS >>> >>> >>> doesn't work because clients cannot open even google.com. I have no >>> idea, how to overcome that problem. How to write this ACL and >>> http_access to work properly. >>> Please help. >> >> Please list the exact fill set of patterns you are using. One of them is >> probably wrong. >> >> >> You could also match the actual reply mime types. This reply ACL allows >> some >> types and denies the rest: >> >> acl webMime rep_mime_type -i text/html image/jpeg image/png image/gif >> text/css >> http_reply_access deny !webMime >> >> >> Amos >> -- >> Please be using >> Current Stable Squid 2.7.STABLE9 or 3.1.8 >> Beta testers wanted for 3.2.0.2 >>
