Re: Re: [squid-users] adaptation_access and rep_mime_type -- It doesn't seem to work from Trever L. Adams on 2011-04-17 (squid-users)

From: Trever L. Adams <trever.adams_at_gmail.com>
Date: Sun, 17 Apr 2011 13:17:29 -0600

On 01/-10/-28163 12:59 PM, Amos Jeffries wrote:
> On 15/04/11 20:46, Trever L. Adams wrote:
>> I am using squid 3.1.10. I have a virus scanner and a content classifier
>> (to build content filter with Squid ACLs). The virus scanner has several
>> modes. One scans transparently and passes on data in chunks. I have this
>> working for various update sites, etc.
>>
>> However, I need to run streaming media through this. So I have acls like
>> this:
>> acl StreamMime rep_mime_type -i ^video/
>> acl StreamMime rep_mime_type -i ^audio/
>>
>> adaptation_access updatesChain allow StreamMime
> These would be the sites using flash multimedia. Which are neither
> video/* nor audio/* media.
>
> Try with:
> acl MediaMime rep_mime_type -i audio|video|flv|flash
>
Yes, I had flash covered in another rule, I forgot to paste it. Sorry.
>
> Should be working. But its not easy to tell what is going wrong
> without the rest of the configuration context. Specifically everything
> about "updatesChain".
>
> Amos
adaptation_service_chain standardChain svcClassify svcVirusScan
adaptation_service_chain updatesChain svcClassify svcVirusScanUpdates

adaptation_access standardChain allow !SoftwareUpdateAgent
!SoftwareUpdateDomain !SoftwareUpdateMime !StreamMime
adaptation_access standardChain deny all
adaptation_access updatesChain allow SoftwareUpdateAgent
adaptation_access updatesChain allow SoftwareUpdateDomain
adaptation_access updatesChain allow SoftwareUpdateMime
adaptation_access updatesChain allow StreamMime
adaptation_access updatesChain deny all

These are c_icap modules. svcClassify is one I have written but haven't
upstreamed yet. (Still trying to get a good base trained set for people
to use.) It is currently set to only process images (flash, video, etc.
is ignored with 204).

The virus modules are the same, one is in a virulator mode (where
anything over a certain size isn't directly downloaded). The other
(updatesChain) is in a simple mode which should work well for streaming.

My entire StreamMime:

acl StreamMime rep_mime_type -i ^video/
acl StreamMime rep_mime_type -i ^audio/
acl StreamMime rep_mime_type -i ^application/octet-stream$
acl StreamMime rep_mime_type -i application/octet-stream
acl StreamMime rep_mime_type -i ^application/x-mplayer2$
acl StreamMime rep_mime_type -i application/x-mplayer2
acl StreamMime rep_mime_type -i ^application/x-oleobject$
acl StreamMime rep_mime_type -i application/x-oleobject
acl StreamMime rep_mime_type -i application/x-pncmd
acl StreamMime rep_mime_type -i ^application/x-shockwave-flash$
acl StreamMime rep_mime_type -i audio|video|flv|flash

SoftwareUpdate* is too big to post here. It works except (even mime
types) which I cannot explain.

Thank you,
Trever

-- 
"In protocol design, perfection has been reached not when there is
nothing left to add, but when there is nothing left to take away." --
RFC1925: The Twelve Networking Truths

application/pgp-signature attachment: OpenPGP digital signature

Received on Sun Apr 17 2011 - 19:17:40 MDT

This archive was generated by hypermail 2.2.0 : Mon Apr 18 2011 - 12:00:03 MDT