Re: [squid-users] Problem with ACL (disabling download)

From: Konrado Z <konradoz_at_partyinfo.com.pl>
Date: Mon, 1 Nov 2010 23:01:42 +0100

Thanks for your response.

>> acl officeFiles urlpath_regex "/etc/squid/officeFiles"
>>
>> http_access deny clients workingHours funWebsites
>> http_access deny clients !officeFiles
>> http_access allow all
>
> NP: "allow all" means traffic from the entire Internet. That should be
> "allow clients".
>

Thanks, that is a useful tip.

>
> As requested earlier:
>  "Please list the exact full set of patterns you are using. One of them
> is probably wrong."
>
> That means the exact and full content of /etc/squid/officeFiles. Sorry if
> I was unclear.

\.[Dd][Oo][Cc]$
\.[Pp][Dd][Ff]$
\.[Xx][Ll][Ss]$
\.[Zz][Ii][Pp]$
\.[Gg][Ii][Ff]$
\.[Pp][Pp][Tt]$

And jpg, rar, tiff, bmp, txt in the same style.

I know that using this in http_access deny clients !officeFiles
blocks the whole WWW service (clients are allowed to download
only these types of files), but I'm not able to list every extension
such as html, htm, php, asp etc. I want to make Internet service
available for clients, but I want to deny DOWNLOADING files which are
not typical office files. How do I do it? I have no idea :)

P.S. I was probably unclear earlier. Unfortunately my English is not so
good, so sorry :)
Konradoz

> Amos
>
>>
>> 2010/11/1 Amos Jeffries <squid3_at_treenet.co.nz>:
>>> On 01/11/10 12:46, Konrado Z wrote:
>>>>
>>>> Hello,
>>>>
>>>> I have encountered a problem with ACL. I want to disable download of all
>>>> kinds of files for the specified subnet except pdf, doc, xls, txt, zip. I
>>>> have created an officeFile file which is shown below:
>>>>
>>>> \.[Dd][Oo][Cc]$
>>>> \.[Tt][Xx][Tt]$
>>>> etc.
>>>>
>>>> but,
>>>>
>>>> acl clients 192.168.56.0/24
>>>> acl officeFiles urlpath_regex "/etc/squid/officeFiles"
>>>
>>> Using -i makes the pattern non-case-sensitive.
>>>  acl officeFiles urlpath_regex -i \.(doc|txt)$
>>>
>>>
>>>>
>>>> and
>>>>
>>>> http_access deny clients !officeFiles
>>>> http_access allow all #It has to be here because it is the last line
>>>> in my config which is associated with other ACLS
>>>>
>>>>
>>>> doesn't work because clients cannot open even google.com. I have no
>>>> idea how to overcome that problem. How do I write this ACL and
>>>> http_access to work properly?
>>>> Please help.
>>>
>>> Please list the exact full set of patterns you are using. One of them is
>>> probably wrong.
>>>
>>>
>>> You could also match the actual reply mime types. This reply ACL allows
>>> some types and denies the rest:
>>>
>>>  acl webMime rep_mime_type -i text/html image/jpeg image/png image/gif text/css
>>>  http_reply_access deny !webMime
>>>
>>>
>>> Amos
>>> --
>>> Please be using
>>>  Current Stable Squid 2.7.STABLE9 or 3.1.8
>>>  Beta testers wanted for 3.2.0.2
>>>
>
Received on Mon Nov 01 2010 - 22:01:49 MDT
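
An added example (not part of the original post and not Squid code): a small Python model of the two rules discussed in this thread, showing why `http_access deny clients !officeFiles` refuses ordinary page requests such as google.com while a reply-time MIME allow-list like the one Amos suggests does not. The office MIME type names, the sample URLs and the treatment of the query string as part of the URL path are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Patterns as posted from /etc/squid/officeFiles (the six shown in the thread).
OFFICE_RE = [re.compile(p) for p in (
    r"\.[Dd][Oo][Cc]$", r"\.[Pp][Dd][Ff]$", r"\.[Xx][Ll][Ss]$",
    r"\.[Zz][Ii][Pp]$", r"\.[Gg][Ii][Ff]$", r"\.[Pp][Pp][Tt]$")]

# Reply allow-list: the web types from Amos's webMime ACL plus office types.
# The application/* names are assumptions added for this example.
ALLOWED_MIME = [re.compile(p, re.I) for p in (
    r"text/html", r"text/css", r"image/jpeg", r"image/png", r"image/gif",
    r"application/pdf", r"application/msword", r"application/zip")]

def url_path(url):
    """What the urlpath_regex model sees: path plus query, no scheme or host
    (including the query string is an assumption of this model)."""
    parts = urlsplit(url)
    path = parts.path or "/"
    return path + ("?" + parts.query if parts.query else "")

def request_allowed(url):
    """Model of 'http_access deny clients !officeFiles' for a client in the
    subnet: the request passes only if some extension pattern matches."""
    return any(r.search(url_path(url)) for r in OFFICE_RE)

def reply_allowed(content_type):
    """Model of 'http_reply_access deny !webMime': judged on the reply's
    Content-Type header, so it does not depend on how the URL is spelled."""
    return any(r.search(content_type or "") for r in ALLOWED_MIME)

# Constructed sample traffic: (URL, Content-Type of the reply).
SAMPLES = [
    ("http://www.google.com/", "text/html; charset=UTF-8"),
    ("http://example.com/index.php?id=3", "text/html"),
    ("http://example.com/docs/report.pdf", "application/pdf"),
    ("http://example.com/docs/report.pdf?v=2", "application/pdf"),
    ("http://example.com/setup.exe", "application/octet-stream"),
]

def compare():
    """Return (url, allowed by extension rule, allowed by MIME rule)."""
    return [(u, request_allowed(u), reply_allowed(ct)) for u, ct in SAMPLES]

if __name__ == "__main__":
    for url, by_ext, by_mime in compare():
        print(f"{url:42} ext={'allow' if by_ext else 'DENY':5} "
              f"mime={'allow' if by_mime else 'DENY'}")
```

In this model the extension rule denies every page whose URL does not end in a listed extension, which is the google.com symptom reported above; the reply-type rule admits web pages and office documents and denies the rest.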
