[squid-users] acl-problem

From: Rost, Werner <Werner.Rost@dont-contact.us>
Date: Tue, 28 May 2002 12:08:32 +0200

I am running Squid 2.3 S4 (I know there are newer versions...)

I disallow some sites and forbid accessing exe-files.
If a user really needs an exe-file I allow this special file.

Now I don't understand why a link leading to
"http://fn5054.zff.zf-group.de/cgi-bin/webclient/www_int.exe"
is refused. If I allow all exe-files the link works.

Any hints?

My configuration:

HTTP/1.0 200 OK Server: Squid/2.3.STABLE4 Mime-Version: 1.0 Date: Tue, 28
May 2002 09:55:42 GMT Content-Type: text/plain
...

shutdown_lifetime 30 seconds
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1
acl manager proto cache_object
acl SSL_ports port 443
acl SSL_ports port 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 488
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 591
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 777
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 0
acl denymp3 url_regex .mp3$
acl denymp3 url_regex #
acl denymp3 url_regex mp3-Files
acl denymp3 url_regex (dwonload)
acl porn url_regex \.avi$
acl porn url_regex \.mpg$
acl noporn url_regex http://fn5054.zff.zf-group.de/cgi-bin/webclient/www_int.exe?cgiparam=WWW_REA_MAIN_MEN/ZFF-WWW-TOP-DOC
acl noporn url_regex http://fn5054.zff.zf-group.de/cgi-bin/webclient/www_int.exe
acl deny_muell_regex url_regex .mp3$
acl deny_muell_regex url_regex README.EML
acl deny_muell_regex url_regex root.exe
acl deny_muell_regex url_regex cmd.exe
acl deny_muell_regex url_regex readme.eml
acl deny_muell_regex url_regex readme.exe
acl deny_muell_regex url_regex default.ida
acl deny_muell_url urlpath_regex \.eml$
acl deny_muell_url urlpath_regex \.exe$
acl deny_muell_url urlpath_regex \.com$
acl intranet2 dstdomain .rexroth.de
acl intranet3 dstdomain .vodafone-telecommerce.de
acl intranet3 dstdomain .mannesmann.de
acl intranet4 dstdomain .rexroth-mecman.de
acl intranet_rexroth dst 145.230.211.0/255.255.255.0
acl intranet5 dst 192.71.221.29
acl intranet6 dst 195.233.149.75
acl intranet_mpoint dst 145.230.129.173
acl intranet_mpoint dst 145.230.131.140
acl intranet_sachs dst 192.125.140.0/255.255.255.0
acl intranet_sachs dst 195.232.137.0/255.255.255.0
acl intranet2_sachs dstdomain 145.230.111.120/255.255.255.0
acl intranet1_sachs dst 195.232.137.3
acl internet_sachs dstdomain .sachs-ag.de
acl internet_sachs dstdomain .sachs.de
acl intranet_vdo_auto dst 193.25.152.172
acl local_external dstdomain www.rexroth-mecman.de
acl intranet_boge dst 10.162.0.0/255.255.0.0
acl intranet_boge dst 192.125.128.0/255.255.255.0
acl intranet_boge dst 192.125.129.0/255.255.255.0
acl intranet_boge dst 192.168.100.0/255.255.255.0
acl intranet_boge dst 195.233.126.0/255.255.255.0
acl intranet_boge_dom dstdomain www.boge-intranet.com
acl internet_boge dstdomain boge.novalis-media.de
acl internet_boge dstdomain .boge-vibrationcontrol.de
acl internet_boge dstdomain .zf-group.de
acl internet_boge dstdomain .zf.com
acl internet_boge dstdomain .boge-vibrationcontrol.com
acl internet_boge dstdomain .zf-group.com
acl internet_bahn dstdomain .bahn.de
acl internet_bahn dstdomain .adbureau.net
acl internet_hug dstdomain .hug.de
acl internet_routenpl dstdomain www.route.de
acl auth_inet2 proxy_auth REQUIRED
acl auth_inet3 proxy_auth REQUIRED
acl auth_inet4 proxy_auth REQUIRED
acl auth_inet5 proxy_auth REQUIRED
acl auth_inet6 proxy_auth REQUIRED
acl auth_impoint proxy_auth REQUIRED
acl auth_isachs proxy_auth REQUIRED
acl auth_ivdo_auto proxy_auth REQUIRED
acl auth_iboge proxy_auth REQUIRED
acl auth_ibahn proxy_auth REQUIRED
acl auth_ihug proxy_auth REQUIRED
acl auth_iroutenpl proxy_auth REQUIRED
acl CONNECT method CONNECT
http_access Allow localhost
http_access Deny !noporn porn
http_access Deny deny_muell_regex
http_access Deny deny_muell_url
http_access Allow intranet2
http_access Allow intranet3
http_access Allow intranet4
http_access Allow intranet5
http_access Allow intranet6
http_access Allow intranet_mpoint
http_access Allow intranet_sachs
http_access Allow intranet1_sachs
http_access Allow intranet2_sachs
http_access Allow internet_sachs
http_access Allow intranet_boge
http_access Allow internet_boge
http_access Allow intranet_vdo_auto
http_access Allow internet_bahn
http_access Allow internet_hug
http_access Allow internet_routenpl
http_access Allow !intranet_boge auth_iboge
http_access Allow bogeclients
http_access Deny all
http_access Deny !Safe_ports
http_access Deny all
icp_access Allow all
miss_access Allow all
proxy_auth_realm Zugang zum Internet
ident_lookup_access Deny all
cache_mgr webmaster
cache_effective_user squid
cache_effective_group users
announce_period 31536000 seconds
announce_host tracker.ircache.net
announce_port 3131
httpd_accel_port 80
httpd_accel_with_proxy off
httpd_accel_uses_host_header off
logfile_rotate 10
tcp_recv_bufsize 0 bytes
err_html_text
deny_info ERR_BOGE_PORNO_DENIED porn
memory_pools on
memory_pools_limit 0 bytes
forwarded_for on
log_icp_queries on
icp_hit_stale off
minimum_direct_hops 4
cachemgr_passwd none all
store_avg_object_size 13 KB
store_objects_per_bucket 50
client_db on
netdb_low 900
netdb_high 1000
netdb_ping_period 300 seconds
query_icmp off
test_reachability off
buffered_logs off
reload_into_ims off
always_direct Allow intranet2
always_direct Allow intranet3
always_direct Deny local_external
always_direct Allow intranet4
always_direct Allow intranet5
always_direct Allow intranet6
always_direct Allow intranet_mpoint
always_direct Allow intranet_sachs
always_direct Allow internet_sachs
always_direct Allow intranet_vdo_auto
always_direct Allow intranet_boge
always_direct Deny all
never_direct Allow all
icon_directory /usr/local/squid/etc/icons
error_directory /usr/local/squid/etc/errors

> Mit freundlichen Grüßen / regards
> Werner Rost
>
> ---------------------------------------------------------------------
> ZF Boge GmbH
> Werner Rost
> IT
> Friesdorfer Str. 175
> D-53175 Bonn
>
>
> phone: +49/228/3825 420
> fax: +49/228/3825 398
> werner.rost@zfboge.com
>
> www.boge-vibrationcontrol.com
> ---------------------------------------------------------------------
>
>

Received on Tue May 28 2002 - 04:09:16 MDT
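
Squid checks http_access lines top to bottom and stops at the first line whose ACLs all match, so an exemption written into one Deny line does not carry over to the next one. The Python sketch below is an added example, not part of the original post: it replays the posted rules for the refused URL. The `EXEMPTED` rule set is a hypothetical variant, and the `dst`/`src` lines are left out on the assumption that they do not match (the host's IP address is not on the page).

```python
import re
from urllib.parse import urlsplit

# ACLs copied from the posted configuration (only those needed to follow
# this URL). Squid uses POSIX regex; these patterns behave the same in `re`.
ACLS = {
    "noporn": ("url_regex", [
        r"http://fn5054.zff.zf-group.de/cgi-bin/webclient/www_int.exe"]),
    "porn": ("url_regex", [r"\.avi$", r"\.mpg$"]),
    "deny_muell_regex": ("url_regex", [
        r".mp3$", "README.EML", "root.exe", "cmd.exe",
        "readme.eml", "readme.exe", "default.ida"]),
    "deny_muell_url": ("urlpath_regex", [r"\.eml$", r"\.exe$", r"\.com$"]),
    "internet_boge": ("dstdomain", [".zf-group.de", ".zf.com"]),
}

# http_access lines in posted order (assumption: dst/src lines do not match).
POSTED = [
    ("Deny", ["!noporn", "porn"]),
    ("Deny", ["deny_muell_regex"]),
    ("Deny", ["deny_muell_url"]),
    ("Allow", ["internet_boge"]),
    ("Deny", ["all"]),
]
# Hypothetical variant: the noporn exemption is also applied to the .exe rule.
EXEMPTED = [r if r[1] != ["deny_muell_url"]
            else ("Deny", ["!noporn", "deny_muell_url"]) for r in POSTED]

def acl_matches(name, url):
    if name == "all":
        return True
    kind, values = ACLS[name]
    parts = urlsplit(url)
    if kind == "dstdomain":  # leading dot matches the domain and subdomains
        return any(("." + parts.hostname).endswith(v) for v in values)
    # url_regex sees the whole URL, urlpath_regex only path and query string
    path = parts.path + ("?" + parts.query if parts.query else "")
    subject = url if kind == "url_regex" else path
    return any(re.search(v, subject) for v in values)  # values are ORed

def first_match(url, rules):
    """Return (action, rule text) of the first line whose ACLs all match."""
    for action, terms in rules:
        # ACLs on one line are ANDed; a leading "!" negates the ACL
        if all(acl_matches(t.lstrip("!"), url) != t.startswith("!") for t in terms):
            return action, " ".join(terms)
    return None, None

URL = "http://fn5054.zff.zf-group.de/cgi-bin/webclient/www_int.exe"
```

`first_match(URL, POSTED)` stops at the `deny_muell_url` line, because the `!noporn` exemption exists only on the `porn` line; with `EXEMPTED` the same request falls through to `Allow internet_boge` while other `.exe` paths are still denied.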

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:14 MST