Hello list, Yet Another Access List Question. As the doc says: "Access list rules are checked in the order they are written. List searching terminates as soon as one of the rules is a match." Well, that's quite clear I'd say. But why isn't this working properly: ############################################################ acl richard2_src 92.68.12.178 [..] acl no_filter_dst dstdomain "/etc/squid/nofilter.domains.txt" acl allow_mime_types rep_mime_type -i ^text/.* ^image/.* ^text/plain ^text/html ^application/.*ms.*word.* ^application/.*ms.*excel.* ^application/.*pdf.* ^application/.*xml.* ^application/.*java.* [..] http_access allow no_filter_dst http_reply_access deny !allow_mime_types richard2_src [..] ############################################################ $ cat /etc/squid/nofilter.domains.txt .xaq.nl The MIME type filter is working properly. But if I visit http://www.xaq.nl/ there is an swf file which should be blocked by the "allow_mime_types". But as the domain is allowed in the rule above "allow_mime_types", the "no_filter_dst", I'd expect that squid accepts the swf on that particular page. But it is denied: 1364728671.633 7 92.68.12.178 TCP_DENIED/403 1532 GET http://www.xaq.nl/clock.swf - DIRECT/192.87.112.211 text/html Why is that? R. -- ___________________________________________________________________ It is better to remain silent and be thought a fool, than to speak aloud and remove all doubt. +------------------------------------------------------------------+ | Richard Lucassen, Utrecht | | Public key and email address: | | http://contact.xaq.nl/ | +------------------------------------------------------------------+
