On 01/-10/-28163 12:59 PM, Amos Jeffries wrote: > On 15/04/11 20:46, Trever L. Adams wrote: >> I am using squid 3.1.10. I have a virus scanner and a content classifier >> (to build content filter with Squid ACLs). The virus scanner has several >> modes. One scans transparently and passes on data in chunks. I have this >> working for various update sites, etc. >> >> However, I need to run streaming media through this. So I have acls like >> this: >> acl StreamMime rep_mime_type -i ^video/ >> acl StreamMime rep_mime_type -i ^audio/ >> >> adaptation_access updatesChain allow StreamMime > These would be the sites using flash multimedia. Which are neither > video/* nor audio/* media. > > Try with: > acl MediaMime rep_mime_type -i audio|video|flv|flash > Yes, I had flash covered in another rule, I forgot to paste it. Sorry. > > Should be working. But its not easy to tell what is going wrong > without the rest of the configuration context. Specifically everything > about "updatesChain". > > Amos adaptation_service_chain standardChain svcClassify svcVirusScan adaptation_service_chain updatesChain svcClassify svcVirusScanUpdates adaptation_access standardChain allow !SoftwareUpdateAgent !SoftwareUpdateDomain !SoftwareUpdateMime !StreamMime adaptation_access standardChain deny all adaptation_access updatesChain allow SoftwareUpdateAgent adaptation_access updatesChain allow SoftwareUpdateDomain adaptation_access updatesChain allow SoftwareUpdateMime adaptation_access updatesChain allow StreamMime adaptation_access updatesChain deny all These are c_icap modules. svcClassify is one I have written but haven't upstreamed yet. (Still trying to get a good base trained set for people to use.) It is currently set to only process images (flash, video, etc. is ignored with 204). The virus modules are the same, one is in a virulator mode (where anything over a certain size isn't directly downloaded). The other (updatesChain) is in a simple mode which should work well for streaming. My entire StreamMime: acl StreamMime rep_mime_type -i ^video/ acl StreamMime rep_mime_type -i ^audio/ acl StreamMime rep_mime_type -i ^application/octet-stream$ acl StreamMime rep_mime_type -i application/octet-stream acl StreamMime rep_mime_type -i ^application/x-mplayer2$ acl StreamMime rep_mime_type -i application/x-mplayer2 acl StreamMime rep_mime_type -i ^application/x-oleobject$ acl StreamMime rep_mime_type -i application/x-oleobject acl StreamMime rep_mime_type -i application/x-pncmd acl StreamMime rep_mime_type -i ^application/x-shockwave-flash$ acl StreamMime rep_mime_type -i audio|video|flv|flash SoftwareUpdate* is too big to post here. It works except (even mime types) which I cannot explain. Thank you, Trever -- "In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away." -- RFC1925: The Twelve Networking Truths
Attachment:
signature.asc
Description: OpenPGP digital signature
