Re: [squid-users] Problem with ACL (disabling download)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 01 Nov 2010 20:41:23 +0000

On Mon, 1 Nov 2010 14:41:19 +0100, Konrado Z <konradoz_at_partyinfo.com.pl>
wrote:
> Hello,
> Thanks for the reply, but I still have a problem.
>
> All my acls and http_access:
> acl clients 192.168.56.0/24
> acl funWebsites dstdom_regex "/etc/squid/funWebsites"
> acl workingHours time M T W H F 8:00-16:00

There are not meant to be any spaces between the day letters above. The
above with spaces will likely be blocking all day only on Mondays or not at
all.

> acl officeFiles urlpath_regex "/etc/squid/officeFiles"
>
> http_access deny clients workingHours funWebsites
> http_access deny clients !officeFiles
> http_access allow all

NP: "allow all" means traffic from the entire Internet. That should be
"allow clients".

>
> But the problem for sure is here: http_access deny clients
> !officeFiles (file officeFiles is presented in the 1st post) - I have
> checked it.
>
> I want clients to have access to the Internet but download only the
> files listed in the file officeFiles. But when I write
> http_access deny clients !officeFiles they cannot browse any website
> but can only download the files given. How do I write it, to give them
> access to the Internet and allow them to download only 4, 5 types of
> files?

As requested earlier:
  "Please list the exact full set of patterns you are using. One of them
is probably wrong."

That means the exact and full content of /etc/squid/officeFiles. Sorry if
I was unclear.

Amos

>
> 2010/11/1 Amos Jeffries <squid3_at_treenet.co.nz>:
>> On 01/11/10 12:46, Konrado Z wrote:
>>>
>>> Hello,
>>>
>>> I have encountered a problem with ACL. I want to disable downloading of
>>> all kinds of files for the specified subnet except pdf, doc, xls, txt,
>>> zip. I have created the officeFile file, which is shown below:
>>>
>>> \.[Dd][Oo][Cc]$
>>> \.[Tt][Xx][Tt]$
>>> etc.
>>>
>>> but,
>>>
>>> acl clients 192.168.56.0/24
>>> acl officeFiles urlpath_regex "/etc/squid/officeFiles"
>>
>> Using -i makes the pattern non-case-sensitive.
>> acl officeFiles urlpath_regex -i \.(doc|txt)$
>>
>>
>>>
>>> and
>>>
>>> http_access deny clients !officeFiles
>>> http_access allow all #It has to be here because it is the last line
>>> in my config which is associated with other ACLS
>>>
>>>
>>> doesn't work because clients cannot open even google.com. I have no
>>> idea, how to overcome that problem. How to write this ACL and
>>> http_access to work properly.
>>> Please help.
>>
>> Please list the exact full set of patterns you are using. One of them is
>> probably wrong.
>>
>>
>> You could also match the actual reply mime types. This reply ACL allows
>> some types and denies the rest:
>>
>> acl webMime rep_mime_type -i text/html image/jpeg image/png image/gif text/css
>> http_reply_access deny !webMime
>>
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE9 or 3.1.8
>> Beta testers wanted for 3.2.0.2
>>
Received on Mon Nov 01 2010 - 20:41:27 MDT
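
An added example, not part of the original thread and not Squid code: a small Python model of first-match access-list evaluation, run over the posted http_access lines and over the two suggestions in the reply ("allow clients" and a rep_mime_type reply ACL). Assumptions: the extension pattern is widened to the five types the poster lists, the office MIME types and sample requests are constructed, and the workingHours/funWebsites line is left out.

```python
import ipaddress
import re
from urllib.parse import urlsplit

CLIENTS = ipaddress.ip_network("192.168.56.0/24")            # acl clients
# acl officeFiles urlpath_regex -i, widened to the five extensions the poster lists
OFFICE_FILES = re.compile(r"\.(pdf|doc|xls|txt|zip)$", re.I)
# acl webMime from the reply, plus office MIME types (assumed, not from the thread)
ALLOWED_MIME = re.compile(
    r"text/html|image/jpeg|image/png|image/gif|text/css|text/plain|"
    r"application/pdf|application/msword|application/vnd\.ms-excel|application/zip",
    re.I)

# Each entry models one access line: (action, [ACL names, "!" negates]).
POSTED_HTTP_ACCESS = [("deny", ["clients", "!officeFiles"]), ("allow", ["all"])]
REPLY_HTTP_ACCESS = [("allow", ["clients"])]        # "allow clients" from the reply
REPLY_MIME_ACCESS = [("deny", ["!allowedMime"])]    # http_reply_access deny !...


def first_match(rules, facts):
    """A line matches when all its ACLs match; the first matching line decides."""
    for action, acls in rules:
        if all(facts[a.lstrip("!")] != a.startswith("!") for a in acls):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "allow" if rules[-1][0] == "deny" else "deny"


def request_verdict(rules, src, url):
    facts = {"all": True,
             "clients": ipaddress.ip_address(src) in CLIENTS,
             "officeFiles": bool(OFFICE_FILES.search(urlsplit(url).path))}
    return first_match(rules, facts)


def reply_verdict(rules, content_type):
    facts = {"all": True, "allowedMime": bool(ALLOWED_MIME.search(content_type))}
    return first_match(rules, facts)


if __name__ == "__main__":
    # Constructed sample requests and replies.
    for src, url in [("192.168.56.10", "http://www.google.com/"),
                     ("192.168.56.10", "http://example.com/report.DOC"),
                     ("203.0.113.7", "http://www.google.com/")]:
        print(src, url, "posted:", request_verdict(POSTED_HTTP_ACCESS, src, url),
              "reply:", request_verdict(REPLY_HTTP_ACCESS, src, url))
    for ctype in ["text/html; charset=UTF-8", "application/pdf",
                  "application/x-msdownload"]:
        print(ctype, reply_verdict(REPLY_MIME_ACCESS, ctype))
```

In this model the path of http://www.google.com/ is "/", which has no listed extension, so "deny clients !officeFiles" matches every ordinary page request from the subnet, while the trailing "allow all" admits any source outside it.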