On Sun, 16 Mar 2003 21:49:53 +1100
"Simon Bryan" <sbryan@olmc.nsw.edu.au> wrote:
> I agree with Henrik to upgrade.
> However you do realise that the http_access lines are searched
> sequentially until one is matched and then the processing stops?
> Apolgies if this sounds patronising.
Yes, same as the squid documentation states. I understand.
> > acl unblockedsites url_regex -i "/etc/squid/unblock.txt"
> > acl blockedsites url_regex -i "/etc/squid/block.txt"
> > acl semiblock url_regex -i "/etc/squid/semiblock.txt"
> >
> > http_access deny semiblock
>
> ****If the site is in semiblock then access is denied and processing
> will stop here
> > http_access deny blockedsites !unblockedsites
> ****Anything in blockedsites should be denied, anything in unblocked
> site should be allowed
Right. Exactly the way it should be.
> > # I want access to "unblockedsites", but not "blockedsites".
> > # If I put ".something.tld" in unblockedsites, I can't block
> > # "c.something.tld" in blockedsites, so I use semiblock instead.
> >
> > http_access deny all !unblockedsites
> > # If it can't be accessed through the first two, then it should be
> > # blocked.
> >
> If I remember right you wanted to control precisely the sites that
> were allowed to be visited?
> I am also not sure of the difference between a blocked and a
> semiblocked site. Also if you know the exact sites you want to unblock
> then why use a regex acl? Why not use a dst acl to be precise about
> which domains are allowed?
One allows me to open the full site while blocking parts; the other
allows me to block the full site while opening parts.
I'm still learning the difference between types of acls and was able to
get it working with the regex as I had seen in an example from an
unrelated site. As I said in my previous e-mail, it's probably not the
most efficient, but it's how I first got it working. This server's
still a work in progress, so it could still be subject to a couple
revisions. :-)
> Why not put
> http_access allow unblockedsites
> http_access deny semiblock blockedsites
Because it would defeat the purpose of my different block files.
> or I think the other way around should let you do what you wanted with
> the c.something.tld example
>
> http_access allow unblockedsites
> ****c.something.tld is allowed
>
> http_access deny semiblock blockedsites
> ****anything else with something.tld is blocked
Thanks Simon and Henrik for all the help and suggestions. I'll be doing
some more testing and may end up upgrading my squid version a little
later.
Jacob
-----
GnuPG Key: 1024D/16377135
In a world without fences, who needs Gates?
http://www.linux.org/
Received on Sun Mar 16 2003 - 12:15:53 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:04 MST