Kevin Gordon wrote:
> I changed it to
>
> acl blockedmime_exe rep_mime_type -i ^application/octet-stream$
> ^application/x-compress$ ^application/x-compressed$
> acl blockedmime_zip rep_mime_type -i ^application/zip$ ^multipart/x-zip$
> acl blockedmime_media rep_mime_type -i ^audio/mpeg3$ ^video/x-mpeg$
> ^video/quicktime$ ^video/avi% ^video/x-msvideo$ ^audio/x-mpegurl$
>
> http_reply_access deny blockedmime_exe blockedmime_zip blockedmime_media
>
> and it still lets it through. I'mnot sure if it has to do with
> ordering or not.... If I have this statement before a statement that
> allows everything which one takes precidence?
>
>
> Kevin
>
Whoops. Sorry for not catching this the first time through... There
were two problems. First, your acls were attempting to match requests.
Second, your and/or logic doesn't match the way Squid expects it.
Have a look at
http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-af2c190759b099a7986221cd12a4066eb146a1c4.
Keep the acl lines as are, but split that http_reply_access line out:
http_reply_access deny blockedmime_exe
http_reply_access deny blockedmime_zip
http_reply_access deny blockedmime_media
For what it's worth, the first matching http_access (or
http_reply_access) rule takes precedence.
Chris
Received on Thu Oct 19 2006 - 15:13:45 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST