Hi, My question is simple. I have blocked all the downloads on my LAN systems using acl rules. But there is a trusted domain, say "example.com" from which users on my LAN should be able to download any file. For example: zip or exe file. I do not have site restriction on that site. So all users can access the site, but they are not able to download through that site. I tried using \.microsoft\.com using dstdomain acl type. But its not working. The http_reply_access rule is denying the download. I have following configuration: acl allow_downloads dstdomain -i \.microsoft\.com http_reply_access allow allow_downloads http_reply_access deny all I want to allow downloading from "example.com" domain while still restricting downloads from other domains. Any ideas? Thanks. On Fri, Jun 29, 2012 at 5:32 PM, Edmonds Namasenda <namasenda@xxxxxxxxx> wrote: >>> Shastri, try the below >>> >>> Assume... >>> 1. Preventing Downloads File (nodowns.txt) has the following >>> \.msi$ >>> \.exe$ >>> \.zip$ >>> \.etc$ > > The above is regex > >>> >>> 2. Trusted Sites File (goodsites.txt) has the following >>> *.*microsoft*.com* >>> *.*windows*.com* >>> *.*etc*.com*.com* >> >> >> WTF? Does regex even accept that? >> >> *.*microsoft*.com* > > Amos, the above is dstdomain. You must have missed the regex entries > before this. > >> >> ==> (zero or more 'nothings')(zero or more characters)(the text >> "microsof")(zero or more 't' characters)(any single character)(thetext >> "co")(zero or more 'm' characters) >> >> Don't you mean this? >> \.microsoft\.com >> \.windows\.com >> \.etc\.com\.com >> > > Thanks for that insight. > >> >> Or perhapse the better version: >> >> acl goodsites dstdomain .microsoft.com .windows.com .etc.com.com >> >> > > Will that not be too much is you have a long list of sites? > >>> >>> 3. Accompanying ACLs for files above >>> acl nodowns urlpath_regex -i "/path_to/nodowns.txt" # With quotation marks >>> acl goodsites dstdomains -i "/path_to/goodsites.txt" # With quotation >>> marks >>> >>> 4. Controlling Rule >>> http_access deny nodowns !goodsites # Put it above any "allow" rule >>> >>> The above is my thinking, and I could do with correction. >>> >>> # Edmonds >> >> >> Pretty much. The problem is that Chaitanya supplied no details about their >> config. Could be much simpler or much more complicated. >> >> Amos >> >>> >>> On Fri, Jun 29, 2012 at 12:30 PM, Chaitanya Shastri wrote: >>>> >>>> Hi Amos, >>>> >>>> I have acl rules for preventing downloads on client machines. So a >>>> client cannot download any file (for example, .exe, .zip .. etc ) on >>>> his/her machine. >>>> What I want is that all clients should be able to download any type of >>>> file from certain trusted domain. >>>> In short I want to allow a domain in my squid configuration from which >>>> any client can download any type of file. >>>> >>>> Thanks. >>>> >>>> On Fri, Jun 29, 2012 at 1:15 PM, Amos Jeffries wrote: >>>>> >>>>> On 29/06/2012 6:10 p.m., Chaitanya Shastri wrote: >>>>>> >>>>>> Hi list, >>>>>> >>>>>> Is it possible to allow downloads from certain trusted sites? I >>>>>> tried using the url_regex acl to list certain trusted sites from which >>>>>> our users can download any file. >>>>>> >>>>>> Ex. acl allow_downloads url_regex -i ^http:\/\/example\.com >>>>>> http_reply_access allow allow_downloads localnet # where >>>>>> localnet is my LAN range >>>>>> >>>>>> But its not working. Any ideas on how to get it work? >>>>>> >>>>>> Thanks. >>>>> >>>>> >>>>> Any idea what is blocking them from working in the first place? >>>>> >>>>> Amos >>>>>
