Re: Acl list Problem

From: Clifton Royston <cliftonr@dont-contact.us>
Date: Thu, 17 Jun 1999 09:16:43 -1000 (HST)

Narasimha Murthy writes:
[...]
> acl porn url_regex "/usr/local/squid/etc/porn.block.txt"
> acl noporn url_regex "/usr/local/squid/etc/pron.unblock.txt"
> http_access deny porn
> http_access allow noporn

As others have said, swapping the order of those last two lines should
help.

This is because ACLs are processed on a first-match basis. You need to
either match the unblock strings *first*, or rewrite your block strings
so as to avoid any false matches.

The effort sounds like a losing battle to me, but I understand that
there may be policy issues at your site forcing you to make the effort.
It might be a good idea, though, to make sure you let the policy-makers
and system users know that you can't guarantee any degree of success at
blocking pr0n sites. Otherwise, they may blame you when someone goes
diligently surfing for something offensive and finds it. :-)
  -- Clifton

-- 
 Clifton Royston  --  LavaNet Systems Architect --  cliftonr@lava.net
        "An absolute monarch would be absolutely wise and good.  
           But no man is strong enough to have no interest.  
             Therefore the best king would be Pure Chance.  
              It is Pure Chance that rules the Universe; 
          therefore, and only therefore, life is good." - AC
Received on Thu Jun 17 1999 - 13:07:18 MDT
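
The first-match behaviour described in the message above, as an added example that is not part of the original message and is not Squid's own code: a small Python model of http_access evaluation comparing the posted rule order with the swapped one. The pattern lists, URLs and function names are constructed assumptions, and the model treats these two rules as the whole rule set.

```python
import re

# Constructed stand-ins for the contents of the two pattern files in the post.
PORN_PATTERNS = [r"sex", r"xxx"]
NOPORN_PATTERNS = [r"essex\.example", r"sexual-health\.example"]

def make_acl(patterns):
    """url_regex-style ACL: true if any pattern matches anywhere in the URL."""
    compiled = [re.compile(p) for p in patterns]
    return lambda url: any(rx.search(url) for rx in compiled)

ACLS = {"porn": make_acl(PORN_PATTERNS), "noporn": make_acl(NOPORN_PATTERNS)}

def http_access(rules, url):
    """Return 'allow' or 'deny' for url using first-match evaluation.

    rules is an ordered list of (action, acl_name). The first rule whose ACL
    matches decides the outcome. If no rule matches, Squid applies the
    opposite of the last rule's action.
    """
    for action, acl_name in rules:
        if ACLS[acl_name](url):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

AS_POSTED = [("deny", "porn"), ("allow", "noporn")]
SWAPPED = [("allow", "noporn"), ("deny", "porn")]

# Constructed sample URLs.
URLS = [
    "http://www.essex.example/tourism",   # false match: "essex" contains "sex"
    "http://xxx.example/",                # block pattern only
    "http://www.example.org/index.html",  # matches neither list
]

def compare(urls):
    """Return (url, decision as posted, decision after swapping) per URL."""
    return [(u, http_access(AS_POSTED, u), http_access(SWAPPED, u)) for u in urls]

if __name__ == "__main__":
    for url, posted, swapped in compare(URLS):
        print(f"{url:40} as posted: {posted:5}  swapped: {swapped}")
```

Swapping the two lines also flips the outcome for URLs that match neither list, so an explicit final http_access rule is worth adding to make that default intentional.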
