RE: [squid-users] Help in ACL Configuration using three rules from Jason Staudenmayer on 2006-05-30 (squid-users)

From: Jason Staudenmayer <jasons@dont-contact.us>
Date: Tue, 30 May 2006 08:51:39 -0400

I've done the same thing far to many times and it drove me nuts trying
to find it.

-----Original Message-----
From: Sergio Chavarri [mailto:sergio_chavarri@yahoo.com]
Sent: Monday, May 29, 2006 5:57 PM
To: Jason Staudenmayer; squid-users@squid-cache.org
Subject: RE: [squid-users] Help in ACL Configuration using three rules

Thank you Jason for the advice. Its works!
Sergio

--- Jason Staudenmayer <jasons@adventureaquarium.com>
wrote:

> This looks like your problem
> >http_access deny BlockExt
> >
> >#Allow specialdomain without BlockExt
> >http_access deny BlockExt !specialdomain
> >
> You have a deny all first remove that first one and
> try it again.
>
> Jason
>
> -----Original Message-----
> From: Sergio Chavarri
> [mailto:sergio_chavarri@yahoo.com]
> Sent: Monday, May 29, 2006 3:09 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Help in ACL Configuration
> using three rules
>
>
> Hi everyone,
> After made a research in squid database, maybe
> something is missing and I would like a feedback of
> this configuration
>
> I am trying to create an access list with "denied
> sites" and denied extension format, like mp3, exe
>
> But, at the same time I would like to allow a
> special
> list (domains) to access without restrictions (mp3,
> exe)
>
> Actually, I can deny a list of sites and deny an
> extension list(mp3,exe) at the same time, but It
> doesn't work to allow without restriction the
> special
> list.
>
> Please, take a look in the next lines and let me
> know
> my mistakes in order to implement them.
>
> Thanks a lot. Sergio
>
> # Proxy port -
> http_port 8080
>
> # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION
> ALGORITHM
> # #
> proxy
> icp
> # # hostname type
> port
> port options
> # # -------------------- --------
> -----
> ----- -----------
> cache_peer proxy.mysite.com parent 8080 0
> default no-query allow-miss login=PASS
>
> # TAG: hierarchy_stoplist
> hierarchy_stoplist cgi-bin ?
>
> # TAG: no_cache
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
>
> # TAG: cache_mem (bytes)
> cache_mem 64 MB
>
> # TAG: cache_dir
> cache_dir ufs /var/spool/squid 1000 64 256
>
> # TAG: auth_param
> auth_param basic children 5
>
>
> auth_param basic realm Squid proxy-caching web
> server
>
> auth_param basic credentialsttl 2 hours
>
>
>
>
>
> # TAG: refresh_pattern
> #Suggested default:
>
>
> refresh_pattern ^ftp: 1440 20%
> 10080
>
> refresh_pattern ^gopher: 1440 0% 1440
>
>
> refresh_pattern . 0 20% 4320
>
>
>
>
> # ACCESS CONTROLS
> # TAG: acl
> # Local networks with "C" IP class: office1,office2,
> office3
> acl office1 src 7.24.10.0/24
> acl office2 src 7.24.50.0/24
> acl office3 src 7.24.60.0/24
>
> acl SSL_ports port 443 563 8143
>
> acl Safe_ports port 80 # http
>
>
> acl Safe_ports port 21 # ftp
>
>
> acl Safe_ports port 443 563 # https, snews
>
>
> acl Safe_ports port 70 # gopher
>
>
> acl Safe_ports port 210 # wais
>
>
> acl Safe_ports port 1025-65535 # unregistered ports
>
>
> acl Safe_ports port 280 # http-mgmt
>
>
> acl Safe_ports port 488 # gss-http
>
>
> acl Safe_ports port 591 # filemaker
>
>
> acl Safe_ports port 777 # multiling http
>
>
> acl CONNECT method CONNECT
>
>
>
> # acl deny for web radio stream -
> acl webRadioReq1 req_mime_type -i ^video/x-ms-asf$
>
>
> acl webRadioReq2 req_mime_type -i
> ^application/vnd.ms.wms-hdr.asfv1$
> acl webRadioReq3 req_mime_type -i
> ^application/x-mms-framed$
>
> acl WMP browser Windows-Media-Player/*
>
>
>
>
>
> # acl deny for extensions
>
>
> acl BlockExt url_regex -i \.mp3$ \.asx$ \.wma$
> \.wmv$
> \.avi$ \.mpeg$ \.mpg$ \.qt
> $ \.ram$ \.rm$ \.iso$ \.wav$ \.exe$
>
>
>
> #Special domain without restriction (exe, mp3..)
> acl specialdomain dstdomain <
> /etc/squid/specialdomain
> >
>
>
> # Access deny for Web radio /Stream
> http_access deny WMP all
> http_access deny webRadioReq1 all
> http_access deny webRadioReq2 all
> http_access deny webRadioReq3 all
>
> http_reply_access deny webRadioRep1 all
> http_reply_access deny webRadioRep2 all
> http_reply_access deny webRadioRep3 all
>
> http_access deny BlockExt
>
> #Allow specialdomain without BlockExt
> http_access deny BlockExt !specialdomain
>
> #Extension for domain & path
> #Extension List using files AAA
> acl deniedsites url_regex "/etc/squid/deniedsites"
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam
> protection around
>
=== message truncated ===

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Received on Tue May 30 2006 - 06:51:45 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT