Re: [squid-users] Problem with ACL (disabling download)

From: Konrado Z <konradoz_at_partyinfo.com.pl>
Date: Tue, 2 Nov 2010 21:57:57 +0100

But how to write properly sth like this
'http_access allow clients|managers|clients2 #Squid cannot start with that line'
I want to replace 'http_access allow all' line with this given above.

Best

2010/11/2 Konrado Z <konradoz_at_partyinfo.com.pl>:
> Yep, of course it should be http_reply_access.
> Thanks Amos it's that what I need
>
> 2010/11/2 Konrado Z <konradoz_at_partyinfo.com.pl>:
>> OK so I have defined
>>
>> acl webMimes rep_mime_type -i "etc/squid/mimes"
>>
>> Mimes file:
>> text/(html|css|plain|richtext)
>> application/(msword|pdf|vnd.ms-powerpoint|vnd.ms-excel|zip|x-compress)
>> image/(bmp|gif|jpeg|png|tiff|gif)
>>
>> and http_access section:
>> #http_access deny clients workingHours funWebsites
>> http_access deny clients !webMimes
>> http_access allow all
>>
>> Unfortunately 'clients' cannot browse any website even sth like
>> exampleDomain/exampleFile.txt
>>
>> Any suggestions?
>>
>> 2010/11/2 Amos Jeffries <squid3_at_treenet.co.nz>:
>>> On Mon, 1 Nov 2010 23:01:42 +0100, Konrado Z <konradoz_at_partyinfo.com.pl>
>>> wrote:
>>>> Thanks for your response.
>>>>
>>>>>> acl officeFiles urlpath_regex "/etc/squid/officeFiles"
>>>>>>
>>>>>> http_access deny clients workingHours funWebsites
>>>>>> http_access deny clients !officeFiles
>>>>>> http_access allow all
>>>>>
>>>>> NP: "allow all" means traffic from the entire Internet. That should be
>>>>> "allow clients".
>>>>>
>>>>
>>>> Thanks that is a useful tip
>>>>
>>>>>
>>>>> As requested earlier:
>>>>>  "Please list the exact full set of patterns you are using. One of them
>>>>> is probably wrong."
>>>>>
>>>>> That means the exact and full content of /etc/squid/officeFiles. Sorry if
>>>>> I was unclear.
>>>>
>>>> \.[Dd][Oo][Cc]$
>>>> \.[Pp][Dd][Ff]$
>>>> \.[Xx][Ll][Ss]$
>>>> \.[Zz][Ii][Pp]$
>>>> \.[Gg][Ii][Ff]$
>>>> \.[Pp][Pp][Tt]$
>>>>
>>>> And jpg, rar, tiff, bmp, txt in the same style.
>>>>
>>>> I know that using this into http_access deny clients !officeFiles
>>>> causes blocking the whole WWW service (clients are allowed to download
>>>> only these types of files) but I'm not able to list every extension
>>>> such html, htm, php, asp etc. I want to make Internet service
>>>
>>> The pattern to match for the common web files is quite short:
>>>
>>>  # defined white-list of acceptable web file extensions
>>>  acl webFiles urlpath_regex -i [^?]*(\.([xd]?html?|aspx?|php[345]?|cgi|css|js|jpe?g|gif|png|x[ms]l|xst|swf)|/)(\?.*)?$
>>>
>>>
>>>> available for clients but I want to deny DOWNLOADING files which are
>>>> not typical office files. And how to do it? I have no idea :)
>>>
>>> You face a concept problem:
>>>  In HTTP *everything* including the HTML structure of the page is a
>>> DOWNLOAD. There is zero difference in file type between a "Download"
>>> button, a menu bar and some porn. Only the browser controls whether it asks
>>> to save the object or displays it (eg. opening an XHTML web page in IE4
>>> will ask you where to save it).
>>>
>>>  Consider as well how does one find these office files in order to
>>> download? when the HTML page (or HTML email), download button graphics,
>>> captcha security, search scripts and layout CSS are all blocked?
>>>
>>>
>>> I really think you need to clarify which types and sizes of object things
>>> are limited to. Then use http_reply_access on the file rep_mime_type.
>>> Probably source websites in http_access.
>>>
>>>>
>>>> P.S I was probably unclear earlier. Unfortunately my English is not so
>>>> well, so sorry :)
>>>> Konradoz
>>>>
>>>>> Amos
>>>>>
>>>>>>
>>>>>> 2010/11/1 Amos Jeffries <squid3_at_treenet.co.nz>:
>>>>>>> On 01/11/10 12:46, Konrado Z wrote:
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I have encountered a problem with ACL. I want to disable download all
>>>>>>>> kinds of files for subnet specified except pdf, doc, xls, txt, zip. I
>>>>>>>> have created officeFile file which is shown below:
>>>>>>>>
>>>>>>>> \.[Dd][Oo][Cc]$
>>>>>>>> \.[Tt][Xx][Tt]$
>>>>>>>> etc.
>>>>>>>>
>>>>>>>> but,
>>>>>>>>
>>>>>>>> acl clients 192.168.56.0/24
>>>>>>>> acl officeFiles urlpath_regex "/etc/squid/officeFiles"
>>>>>>>
>>>>>>> Using -i makes the pattern non-case-sensitive.
>>>>>>>  acl officeFiles urlpath_regex -i \.(doc|txt)$
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> and
>>>>>>>>
>>>>>>>> http_access deny clients !officeFiles
>>>>>>>> http_access allow all #It has to be here because it is the last line
>>>>>>>> in my config which is associated with other ACLS
>>>>>>>>
>>>>>>>>
>>>>>>>> doesn't work because clients cannot open even google.com. I have no
>>>>>>>> idea, how to overcome that problem. How to write this ACL and
>>>>>>>> http_access to work properly.
>>>>>>>> Please help.
>>>>>>>
>>>>>>> Please list the exact full set of patterns you are using. One of them is
>>>>>>> probably wrong.
>>>>>>>
>>>>>>>
>>>>>>> You could also match the actual reply mime types. This reply ACL allows
>>>>>>> some types and denies the rest:
>>>>>>>
>>>>>>>  acl webMime rep_mime_type -i text/html image/jpeg image/png image/gif text/css
>>>>>>>  http_reply_access deny !webMime
>>>>>>>
>>>>>>>
>>>>>>> Amos
>>>>>>> --
>>>>>>> Please be using
>>>>>>>  Current Stable Squid 2.7.STABLE9 or 3.1.8
>>>>>>>  Beta testers wanted for 3.2.0.2
>>>>>>>
>>>>>
>>>
>>
>
Received on Tue Nov 02 2010 - 20:58:05 MDT
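
The rules discussed in this thread, written out as an added squid.conf example (not taken from any poster or from the Squid project): ACL names on one http_access line are ANDed, so alternatives go on separate lines, and the MIME white-list is applied in http_reply_access. The managers and clients2 subnets are constructed placeholders, since the thread does not give them.

```conf
# Added example. Only the 'clients' subnet comes from the thread;
# the other two ranges are constructed placeholders.
acl clients   src 192.168.56.0/24
acl managers  src 192.0.2.0/25        # placeholder range
acl clients2  src 192.0.2.128/25      # placeholder range

# Values inside ONE acl (or one pattern file) are ORed:
# a reply matches webMimes if any listed pattern matches its Content-Type.
acl webMimes rep_mime_type -i "/etc/squid/mimes"

# Request side.
# ACL names on one http_access line are ANDed, so
#   http_access allow clients managers clients2
# could never match here (a source address lies in only one range),
# and '|' is not valid syntax. OR is expressed as separate lines;
# the first line that matches decides.
http_access allow clients
http_access allow managers
http_access allow clients2
# Everything else, i.e. the rest of the Internet, is refused.
http_access deny all

# Reply side.
# rep_mime_type has no effect in http_access because no reply exists yet,
# so '!webMimes' is always true there and every request from 'clients'
# is denied. Test the MIME type once the response headers are available.
http_reply_access deny clients !webMimes
http_reply_access allow all
```

`squid -k parse` checks the file for syntax errors before the running proxy is reconfigured.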
