Yep, of course it should be http_reply_access.
Thanks Amos, that's what I need.

2010/11/2 Konrado Z <konradoz@xxxxxxxxxxxxxxxx>:
> OK so I have defined
>
> acl webMimes rep_mime_type -i "etc/squid/mimes"
>
> Mimes file:
> text/(html|css|plain|richtext)
> application/(msword|pdf|vnd.ms-powerpoint|vnd.ms-excel|zip|x-compress)
> image/(bmp|gif|jpeg|png|tiff|gif)
>
> and http_access section:
> #http_access deny clients workingHours funWebsites
> http_access deny clients !webMimes
> http_access allow all
>
> Unfortunately 'clients' cannot browse any website even sth like
> exampleDomain/exampleFile.txt
>
> Any suggestions?
>
> 2010/11/2 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
>> On Mon, 1 Nov 2010 23:01:42 +0100, Konrado Z <konradoz@xxxxxxxxxxxxxxxx>
>> wrote:
>>> Thanks for your response.
>>>
>>>>> acl officeFiles urlpath_regex "/etc/squid/officeFiles"
>>>>>
>>>>> http_access deny clients workingHours funWebsites
>>>>> http_access deny clients !officeFiles
>>>>> http_access allow all
>>>>
>>>> NP: "allow all" means traffic from the entire Internet. That should be
>>>> "allow clients".
>>>>
>>>
>>> Thanks that is a useful tip
>>>
>>>>
>>>> As requested earlier:
>>>> "Please list the exact full set of patterns you are using. One of them
>>>> is probably wrong."
>>>>
>>>> That means the exact and full content of /etc/squid/officeFiles. Sorry if
>>>> I was unclear.
>>>
>>> \.[Dd][Oo][Cc]$
>>> \.[Pp][Dd][Ff]$
>>> \.[Xx][Ll][Ss]$
>>> \.[Zz][Ii][Pp]$
>>> \.[Gg][Ii][Ff]$
>>> \.[Pp][Pp][Tt]$
>>>
>>> And jpg, rar, tiff, bmp, txt in the same style.
>>>
>>> I know that using this into http_access deny clients !officeFiles
>>> causes blocking the whole WWW service (clients are allowed to download
>>> only these types of files) but I'm not able to list every extension
>>> such html, htm, php, asp etc. I want to make Internet service
>>
>> The pattern to match for the common web files is quite short:
>>
>> # defined white-list of acceptable web file extensions
>> acl webFiles urlpath_regex -i [^?]*(\.([xd]?html?|aspx?|php[345]?|cgi|css|js|jpe?g|gif|png|x[ms]l|xst|swf)|/)(\?.*)?$
>>
>>
>>> available for clients but I want to deny DOWNLOADING files which are
>>> not typical office files. And how to do it? I have no idea :)
>>
>> You face a concept problem:
>> In HTTP *everything* including the HTML structure of the page is a
>> DOWNLOAD. There is zero difference in file type between a "Download"
>> button, a menu bar and some porn. Only the browser controls whether it asks
>> to save the object or displays it (eg. opening an XHTML web page in IE4
>> will ask you where to save it).
>>
>> Consider as well how does one find these office files in order to
>> download? when the HTML page (or HTML email), download button graphics,
>> captcha security, search scripts and layout CSS are all blocked?
>>
>>
>> I really think you need to clarify which types and sizes of object things
>> are limited to. Then use http_reply_access on the file rep_mime_type.
>> Probably source websites in http_access.
>>
>>>
>>> P.S I was probably unclear earlier. Unfortunately my English is not so
>>> well, so sorry :)
>>> Konradoz
>>>
>>>> Amos
>>>>
>>>>>
>>>>> 2010/11/1 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
>>>>>> On 01/11/10 12:46, Konrado Z wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I have encountered a problem with ACL. I want to disable download all
>>>>>>> kinds of files for subnet specified except pdf, doc, xls, txt, zip. I
>>>>>>> have created officeFile file which is shown below:
>>>>>>>
>>>>>>> \.[Dd][Oo][Cc]$
>>>>>>> \.[Tt][Xx][Tt]$
>>>>>>> etc.
>>>>>>>
>>>>>>> but,
>>>>>>>
>>>>>>> acl clients src 192.168.56.0/24
>>>>>>> acl officeFiles urlpath_regex "/etc/squid/officeFiles"
>>>>>>
>>>>>> Using -i makes the pattern non-case-sensitive.
>>>>>> acl officeFiles urlpath_regex -i \.(doc|txt)$
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> and
>>>>>>>
>>>>>>> http_access deny clients !officeFiles
>>>>>>> http_access allow all #It has to be here because it is the last line
>>>>>>> in my config which is associated with other ACLS
>>>>>>>
>>>>>>>
>>>>>>> doesn't work because clients cannot open even google.com. I have no
>>>>>>> idea, how to overcome that problem. How to write this ACL and
>>>>>>> http_access to work properly.
>>>>>>> Please help.
>>>>>>
>>>>>> Please list the exact full set of patterns you are using. One of them is
>>>>>> probably wrong.
>>>>>>
>>>>>>
>>>>>> You could also match the actual reply mime types. This reply ACL allows
>>>>>> some types and denies the rest:
>>>>>>
>>>>>> acl webMime rep_mime_type -i text/html image/jpeg image/png image/gif text/css
>>>>>> http_reply_access deny !webMime
>>>>>>
>>>>>>
>>>>>> Amos
>>>>>> --
>>>>>> Please be using
>>>>>> Current Stable Squid 2.7.STABLE9 or 3.1.8
>>>>>> Beta testers wanted for 3.2.0.2
>>>>>>
>>>>
>>
>
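
The two checkpoints discussed in this thread, as a simplified Python model added here for illustration (it is not code from the thread or from Squid). It shows why `http_access deny clients !webMimes` blocks every request while the same ACL in `http_reply_access` filters by type. The rule evaluator, the function names and the sample addresses and Content-Type values are constructed, and the model assumes a `rep_mime_type` ACL can never match at request time because no reply exists yet.

```python
import ipaddress
import re

# Patterns from the "mimes" file quoted in the thread; -i means case-insensitive.
WEB_MIMES = [re.compile(p, re.I) for p in (
    r"text/(html|css|plain|richtext)",
    r"application/(msword|pdf|vnd.ms-powerpoint|vnd.ms-excel|zip|x-compress)",
    r"image/(bmp|gif|jpeg|png|tiff|gif)",
)]
CLIENT_NET = ipaddress.ip_network("192.168.56.0/24")

def everyone(src, ctype):  # models the built-in "all" ACL
    return True

def clients(src, ctype):
    return ipaddress.ip_address(src) in CLIENT_NET

def web_mimes(src, ctype):
    # Assumption of this model: at request time there is no reply, hence no
    # Content-Type, so a rep_mime_type ACL cannot match.
    return ctype is not None and any(p.search(ctype) for p in WEB_MIMES)

def check(rules, src, ctype=None):
    """First rule whose ACLs all match wins. A rule is (action, [(acl, negated)])."""
    for action, conds in rules:
        if all(acl(src, ctype) != negated for acl, negated in conds):
            return action
    # No rule matched: the result is the opposite of the last rule's action.
    return "allow" if rules[-1][0] == "deny" else "deny"

def fetch(http_access, http_reply_access, src, ctype):
    """Run both stages for one request and its (constructed) reply Content-Type."""
    if check(http_access, src) == "deny":                # before the server is contacted
        return "request denied"
    if check(http_reply_access, src, ctype) == "deny":   # after reply headers arrive
        return "reply denied"
    return "delivered"

# The attempt from the thread: a reply ACL used in http_access, then "allow all".
BROKEN = ([("deny", [(clients, False), (web_mimes, True)]), ("allow", [(everyone, False)])],
          [("allow", [(everyone, False)])])
# The advice from the thread: "allow clients", MIME filtering in http_reply_access.
FIXED = ([("allow", [(clients, False)]), ("deny", [(everyone, False)])],
         [("deny", [(clients, False), (web_mimes, True)]), ("allow", [(everyone, False)])])

if __name__ == "__main__":
    for ctype in ("text/plain", "text/html; charset=utf-8", "video/mp4"):
        print(ctype, "|", fetch(*BROKEN, "192.168.56.10", ctype),
              "|", fetch(*FIXED, "192.168.56.10", ctype))
```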