acl, http_access, and urlpath_regex

From: <josh@dont-contact.us>
Date: Mon, 3 Jan 2000 10:29:53 -0500

Ages ago Henrik Nordstrom suggested that something of the form:

acl somemachines src 192.168.1.0/24
acl about.com dstdomain about.com
acl about.com_chat urlpath_regex mpchat.htm parachat.htm
http_access deny somemachines about.com about.com_chat

Would be the most efficient method of denying access to the chat sites
and only the chat sites on about.com for the users of a group of pcs
(somemachines in the acls above.)

Is there a way to source a file into squid.conf? Does it matter if I
mix up acl and http_access lines, with the understanding that they
will still be read sequentially or do all the acls have to precede the
http_access lines in squid.conf? Could I set up a list in the form
acl,acl,http_access;acl,acl,http_access;etc... and read it in?

acl blah.com dst blah.com
acl blah.com_chat urlpath_regex chaturl.html morechat.htm
http_access deny blah.com blah.com_chat

Please note what I want is to keep the acls for domain, the
urlpath_regex and the http_access commands together.

Also, I am confused about the urlpath_regex command. I don't know if I made a mistake by typing something in wrong or if I simply don't understand regular expressions well enough. I used the following acl and http_access lines.

acl programs urlpath_regex bin zip hqx sit
http_access allow programs imacs-ref password

My goal was to prevent patrons from downloading program files to the
iMacs. The machines don't have disk drives, so I'm simply keeping them
from wasting time. The note in squid.conf says

# acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL\ path

Which to me is unclear. My expectation is that \.gif should match the
.gif at the end. Do I need to put the '$' in or is it implied? Since
my attempt to use the above resulted in all cgi-bin directories
becoming unreachable (without a password) I assume that I need the
'$'. On the other hand a similar line of documentation for url_regex
shows the "^http://" in the documentation line even though it is
always implied.

So in the cases using urlpath_regex should I assume that there are no
implied symbols? Is "acl aclname url_regex whatever.com" equivalent
to "acl aclname urlpath_regex ^http://whatever.com" ?

-- 
Josh Kuperman                       josh@saratoga.lib.ny.us
Saratoga Springs Public Library     phone (518) 584-7860 x 211
49 Henry St                         fax   (518) 584-7866
Saratoga Springs, NY 12866
Received on Mon Jan 03 2000 - 10:55:39 MST
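
An added illustration, not part of the original message and not Squid's own code: a small Python model of the two ACL types asked about above, showing that the patterns are unanchored searches and that urlpath_regex never sees the scheme or host. Python's `re` stands in for Squid's regex library, the function names are hypothetical, and the example.com URLs are constructed.

```python
import re
from urllib.parse import urlsplit

def urlpath_regex(patterns, url, ignore_case=False):
    """Model of 'acl X urlpath_regex p1 p2 ...': true if ANY pattern is
    found ANYWHERE in the URL path (scheme and host are not examined)."""
    path = urlsplit(url).path or "/"
    flags = re.IGNORECASE if ignore_case else 0
    return any(re.search(p, path, flags) for p in patterns)

def url_regex(patterns, url, ignore_case=False):
    """Model of 'acl X url_regex p1 p2 ...': same search, but over the
    whole URL, so '^http://' only makes sense here."""
    flags = re.IGNORECASE if ignore_case else 0
    return any(re.search(p, url, flags) for p in patterns)

# The patterns from the message, and the same list with each extension
# written as a literal dot plus end-of-path anchor.
LOOSE = ["bin", "zip", "hqx", "sit"]
ANCHORED = [r"\.bin$", r"\.zip$", r"\.hqx$", r"\.sit$"]

# Constructed sample requests.
SAMPLE_URLS = [
    "http://www.example.com/cgi-bin/search",        # 'bin' inside cgi-bin
    "http://www.example.com/visitors/index.html",   # 'sit' inside visitors
    "http://www.example.com/about/zipcodes.html",   # 'zip' inside zipcodes
    "http://www.example.com/downloads/tool.zip",    # a real archive
    "http://www.example.com/files/game.sit",        # a real archive
]

def compare(urls=SAMPLE_URLS):
    """Return (url, matches_loose, matches_anchored) for each sample URL."""
    return [(u, urlpath_regex(LOOSE, u), urlpath_regex(ANCHORED, u))
            for u in urls]

if __name__ == "__main__":
    for url, loose, anchored in compare():
        print(f"loose={loose!s:5} anchored={anchored!s:5} {url}")
    # A scheme-anchored pattern can match the full URL but never the path.
    u = SAMPLE_URLS[0]
    print("url_regex     ^http:// ->", url_regex(["^http://"], u))
    print("urlpath_regex ^http:// ->", urlpath_regex(["^http://"], u))
```
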
