On Sun, 31 Mar 2013 12:38:10 +0100 Alex Crow wrote: Yep, that did the trick :) Thnx! R. > You have allowed the http request to the site, but you have denied > the reply. http_access and http_reply access are different rule types. > > If you add an "http_reply_access allow no_filter_dest" above the last > rule I think it will work. > > Thanks > > Alex > > On 31/03/13 12:21, richard lucassen wrote: > > Hello list, Yet Another Access List Question. > > > > As the doc says: > > > > "Access list rules are checked in the order they are written. List > > searching terminates as soon as one of the rules is a match." > > > > Well, that's quite clear I'd say. But why isn't this working > > properly: > > > > ############################################################ > > acl richard2_src 92.68.12.178 > > > > [..] > > acl no_filter_dst dstdomain "/etc/squid/nofilter.domains.txt" > > > > acl allow_mime_types rep_mime_type -i ^text/.* ^image/.* > > ^text/plain ^text/html ^application/.*ms.*word.* > > ^application/.*ms.*excel.* ^application/.*pdf.* ^application/.*xml.* > > ^application/.*java.* > > > > [..] > > > > http_access allow no_filter_dst > > http_reply_access deny !allow_mime_types richard2_src > > [..] > > ############################################################ > > > > $ cat /etc/squid/nofilter.domains.txt > > .xaq.nl > > > > The MIME type filter is working properly. But if I visit > > http://www.xaq.nl/ there is an swf file which should be blocked by > > the "allow_mime_types". But as the domain is allowed in the rule > > above "allow_mime_types", the "no_filter_dst", I'd expect that > > squid accepts the swf on that particular page. But it is denied: > > > > 1364728671.633 7 92.68.12.178 TCP_DENIED/403 1532 GET > > http://www.xaq.nl/clock.swf - DIRECT/192.87.112.211 text/html > > > > Why is that? > > > > R. > > > -- ___________________________________________________________________ It is better to remain silent and be thought a fool, than to speak aloud and remove all doubt. +------------------------------------------------------------------+ | Richard Lucassen, Utrecht | | Public key and email address: | | http://contact.xaq.nl/ | +------------------------------------------------------------------+
