On 6/05/20 12:42 am, robert k Wild wrote: > cool thanks Amos :) > > if your interested these are my lines in my config > > #allow special URL paths > acl special_url url_regex "/usr/local/squid/etc/urlspecial.txt" > > #deny MIME types > acl mimetype rep_mime_type "/usr/local/squid/etc/mimedeny.txt" > http_reply_access allow special_url The above is wrong. It is allowing by URL, regardless of the mime type. > http_reply_access deny mimetype > That is the opposite of your stated requirement. It will *prevent* the mime type check from identifying downloads in the special_url. A better way to write the above policy would be: http_reply_access deny !special_url mimetype Also, be aware that http_reply_access denial only prevents the download reaching the client. It still has to be fully downloaded by Squid - lots of bandwidth and processing cycles wasted. If you are blocking traffic by URL do that in http_access instead. > urlspecial.txt > > http://updater.maxon.net/server_test > http://updater.maxon.net/customer/R21.0/updates15 > http://updater.maxon.net/customer/general/updates15 > ^http://ccmdl.adobe.com/AdobeProducts/KCCC/1/win64/packages/.* > ^http://ccmdl.adobe.com/AdobeProducts/KCCC/1/osx10/packages/.* > ^http://www.eztitles.com/download.php? > ^https://attachments.office.net/owa/.* > Do not put .* on the end of regex patterns. That only forces the regex library to scan longer than necessary and waste memory. Also this pattern: ^http://www.eztitles.com/download.php? actually means: ^http://www.eztitles.com/download.ph ('?' is a regex special character. Like '*' it is deceptively harmful at the start or end of a pattern) Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
