Re: What's wrong with this acl?

From: Chris Dillon <cdillon@dont-contact.us>
Date: Sun, 21 May 2000 00:22:47 -0500 (CDT)

On Sun, 21 May 2000, Simon Bryan wrote:

> Hi,
> I have the following in my squid.conf, can anyone tell me why it isn't
> working? That is, the sites are still served up.
>
> acl chatrooms2 url_regex "/etc/squid/acls/chatrooms2"
> http_access deny chatrooms2
>
> The file chatrooms2 is:
> \.LeagueChat\.
> \.Chat\.
> \.chat\.
> \.chat_email\.
> \.Chat_Rooms\.
> \.chatroom\.
> \.General_Chat\.
> \.hnchat\.
> \.voicechat\.
> \.Teenchat\.
> \.memberchat\.
>
> I know it is being parsed by Squid as if I make a deliberate mistake in the file
> Squid complains. There is nothing in the log except the entry where the
> pages are being served up.
>
> http://www.blueandgoldarmy.com/Chat/chat.htm simon
> DIRECT/www.blueandgoldarmy.com text/html
> 958877654.304 147 192.0.0.52 TCP_HIT/000 0 GET
>
> Shouldn't this site be barred?

No, because neither "/Chat/" nor "/chat." match ".Chat." or ".chat.".
If you replace the '\.' with '/' (or '\/' if escaping is required in
this case) it should match the first part. Also, if you use:

acl chatrooms url_regex -i "/foo/filename"

then you don't need to put multiple regexps in there just for
differences in capitalization.

I like to use "\b" in my regexps which denotes a "word boundary".
For example, if you want to match either a '.' or '/' or any other
non-word character, use the following as a regexp:

\bchat\b

This would match both "/Chat/" and "/chat." in the URL above if
case-insensitive matching is enabled with the -i option. The main
advantage of doing this rather than using the catch-all '.' for
any-character matching is that you won't accidentally match any other
word that just happens to have "chat" in the middle of it (like
"achate"... yes, it's a real word).

By the way, depending on what regex libraries Squid was compiled with,
some of the regex functions may not work. For some reason, the regexp
libraries included with FreeBSD don't seem to understand "\b", so I
had to configure Squid with --enable-gnuregex so it would use the GNU
regex libraries.

-- Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
   FreeBSD: The fastest and most stable server OS on the planet.
   For Intel x86 and Alpha architectures. ( http://www.freebsd.org )
Received on Sat May 20 2000 - 23:25:59 MDT
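
The matching behaviour discussed in this thread, as an added example that is not part of the original message. Python's `re` module stands in for the regex library Squid is built with (an assumption; results are for Python), the `example.com` URLs are constructed test cases, and the check goes slightly beyond the reply by also testing underscore and compound names from the posted list.

```python
import re

# URL taken from the access-log entry quoted in the question.
LOGGED_URL = "http://www.blueandgoldarmy.com/Chat/chat.htm"

# Contents of the chatrooms2 file as posted.
POSTED_ACL = r"""
\.LeagueChat\.
\.Chat\.
\.chat\.
\.chat_email\.
\.Chat_Rooms\.
\.chatroom\.
\.General_Chat\.
\.hnchat\.
\.voicechat\.
\.Teenchat\.
\.memberchat\.
"""

def load_acl(text, ignore_case=False):
    """Compile one regex per non-blank line; ignore_case mimics the -i flag."""
    flags = re.IGNORECASE if ignore_case else 0
    return [re.compile(l.strip(), flags) for l in text.splitlines() if l.strip()]

def first_match(acl, url):
    """Unanchored search, like url_regex: return the first pattern that hits."""
    return next((rx.pattern for rx in acl if rx.search(url)), None)

posted = load_acl(POSTED_ACL)
slashed = load_acl(POSTED_ACL.replace(r"\.", "/"))   # '\.' replaced with '/'
boundary = load_acl(r"\bchat\b", ignore_case=True)   # single entry with -i

# Constructed URLs (not from the thread) for over- and under-blocking checks.
CHECKS = {
    "logged": LOGGED_URL,
    "upper": "http://example.com/CHAT/index.html",
    "achate": "http://example.com/achate.html",
    "underscore": "http://example.com/chat_email.cgi",
    "compound": "http://example.com/voicechat/",
}

def results(acl):
    """Map each check name to the matching pattern (None means not denied)."""
    return {name: first_match(acl, url) for name, url in CHECKS.items()}

if __name__ == "__main__":
    for label, acl in (("posted", posted), ("slashed", slashed), ("boundary", boundary)):
        print(label, results(acl))
```

Under Python's rules `_` is a word character, so `chat_email` and compound names such as `voicechat` are not matched by `\bchat\b` and would still need their own entries.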
