[squid-users] whitelist, a management system for whitelists and filtering by regular expression

From: E.S. Rosenberg <eliyahu_simcha@dont-contact.us>
Date: Tue, 24 Jan 2006 01:41:12 +0100

Hi,

Currently I am writing a website which will be capable of managing a
whitelist for squid, it is almost finished and uses php/mysql and ldap
for authentication.
When I put it online I will notify anyone who is interested, a preview
can be seen on http://cc.jct.ac.il/~elyahyu/projects/odp/ however it has
slightly limited functionality* as that server is not allowed 'out'.
(for user-rights: test/test , for admin-rights: demo/demo)

Anyhow, I have a few questions about the syntax of acls...

(I use the debian build of Squid2.5STABLE12)

The situation is as follows, I have decided that we are using
"dstdomain" and not "regex_url -i" as the type of acl for the whitelist,
as the second one will actually allow
"http://whatever.com?blah=someallowedwebsite.com" to go through.
Even though all the css and images won't come through, the potential of
abuse is not welcome by us.

For certain sites we want to block images/multimedia content; at this
point my acl looks like this:

site.com.*\.jpg
site.com.*\.gif
site.com.*\.swf

This can definitely be done on one line, but I have not succeeded in
implementing it on one line.
Also, is there a way to block according to mime-type instead of having
to add every single extension to the file?

The relevant part in squid.conf is:

acl noPics url_regex -i "/etc/squid/nopics"
http_access deny noPics

# limit list of sites
acl permitted_sites dstdomain "/etc/squid/permitted"
http_access allow permitted_sites
http_access deny all

Thank you very much,
Eliyahu S. Rosenberg

* limited functionality actually in this case means that you can't
request or add websites, this is due to the fact that I have a script
which actually checks if the requested/added url is a working/real url
by checking the HTTP-response, it also warns if the website was moved
(HTTP-code 30x), but as this server cannot run such code this script
will always fail. I will soon put up a demo in a different location.
Received on Mon Jan 23 2006 - 17:40:47 MST
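
Added example (not part of the original message and not Squid's own code): a simplified Python model of the two ACL types discussed above, showing why an unanchored url_regex whitelist entry matches the query-string URL from the message while dstdomain, which compares only the destination host, does not. It goes slightly beyond the message by also checking that the three nopics patterns behave the same as one alternation, assuming POSIX extended regex syntax; the function names are hypothetical and any host or path not in the message is constructed.

```python
import re
from urllib.parse import urlsplit

# Whitelist entries for the same site, written for each ACL type (constructed).
REGEX_WHITELIST = [r"someallowedwebsite\.com"]       # url_regex -i style
DOMAIN_WHITELIST = [".someallowedwebsite.com"]       # dstdomain style

# The three nopics patterns from the message, and a one-line equivalent.
NOPICS_THREE = [r"site.com.*\.jpg", r"site.com.*\.gif", r"site.com.*\.swf"]
NOPICS_ONE = [r"site.com.*\.(jpg|gif|swf)"]

def url_regex_matches(url, patterns):
    """Model of url_regex -i: unanchored, case-insensitive search over the
    whole URL, so a match in the path or query string counts."""
    return any(re.search(p, url, re.IGNORECASE) for p in patterns)

def dstdomain_matches(url, domains):
    """Model of dstdomain: only the destination host is compared.
    A leading dot means 'this domain and all of its subdomains'."""
    host = (urlsplit(url).hostname or "").lower()
    for entry in domains:
        entry = entry.lower()
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def compare(url):
    """Return (url_regex verdict, dstdomain verdict) for one URL."""
    return (url_regex_matches(url, REGEX_WHITELIST),
            dstdomain_matches(url, DOMAIN_WHITELIST))

if __name__ == "__main__":
    samples = [
        "http://www.someallowedwebsite.com/index.html",        # legitimate
        "http://whatever.com?blah=someallowedwebsite.com",     # from the message
        "http://someallowedwebsite.com.other.example/",        # constructed
    ]
    for url in samples:
        by_regex, by_domain = compare(url)
        print(f"{url}\n  url_regex allows: {by_regex}  dstdomain allows: {by_domain}")
    pic = "http://site.com/banners/Logo.GIF"                   # constructed
    print(url_regex_matches(pic, NOPICS_THREE), url_regex_matches(pic, NOPICS_ONE))
```
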
