Re: [squid-users] Problem with ACL (disabling download) from Konrado Z on 2010-11-01 (squid-users)

From: Konrado Z <konradoz_at_partyinfo.com.pl>
Date: Mon, 1 Nov 2010 14:41:19 +0100

Hello,
Thanks for reply but I still have problem

My all acls and http_access
acl clients 192.168.56.0/24
acl funWebsites dstdom_regex "/etc/squid/funWebsites"
acl workingHours time M T W H F 8:00-16:00
acl officeFiles urlpath_regex "/etc/squid/officeFiles"

http_access deny clients workingHours funWebsites
http_access deny clients !officeFiles
http_access allow all

But the problem for sure is here: http_access deny clients
!officeFiles (file officeFiles is presented in the 1st post) - I have
check it.

I want that clients have an access to the Internet but download files
only listed in the file officeFiles. But when I write
http_access deny clients !officeFiles they cannot browse any website
but can only dowloads these files given. How to write it, to give them
access to the Internet and allow them download only 4, 5 types of
files?

2010/11/1 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 01/11/10 12:46, Konrado Z wrote:
>>
>> Hello,
>>
>> I have encountered a problem with ACL. I want to disable download all
>> kinds of files for subnet specified except pdf, doc, xls, txt, zip. I
>> have created officeFile file wich is shown below:
>>
>> \.[Dd][Oo][Cc]$
>> \.[Tt][Xx][Tt]$
>> etc.
>>
>> but,
>>
>> acl clients 192.168.56.0/24
>> acl officeFiles urlpath_regex "/etc/squid/officeFiles"
>
> Using -i makes the pattern non-case-sensitive.
> acl officeFiles urlpath_regex -i \.(doc|txt)$
>
>
>>
>> and
>>
>> http_access deny clients !officeFiles
>> http_access allow all #It has to be here because it is the last line
>> in my config which is associated with other ACLS
>>
>>
>> doesn't work because clients cannot open even google.com. I have no
>> idea, how to overcome that problem. How to write this ACL and
>> http_access to work properly.
>> Please help.
>
> Please list the exact fill set of patterns you are using. One of them is
> probably wrong.
>
>
> You could also match the actual reply mime types. This reply ACL allows some
> types and denies the rest:
>
> acl webMime rep_mime_type -i text/html image/jpeg image/png image/gif
> text/css
> http_reply_access deny !webMime
>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.8
> Beta testers wanted for 3.2.0.2
>
Received on Mon Nov 01 2010 - 13:41:26 MDT

This archive was generated by hypermail 2.2.0 : Wed Nov 03 2010 - 12:00:02 MDT