Hello list, Yet Another Access List Question.
As the doc says:
"Access list rules are checked in the order they are written. List
searching terminates as soon as one of the rules is a match."
Well, that's quite clear I'd say. But why isn't this working properly:
############################################################
acl richard2_src 92.68.12.178
[..]
acl no_filter_dst dstdomain "/etc/squid/nofilter.domains.txt"
acl allow_mime_types rep_mime_type -i ^text/.* ^image/.* ^text/plain ^text/html ^application/.*ms.*word.* ^application/.*ms.*excel.* ^application/.*pdf.* ^application/.*xml.* ^application/.*java.*
[..]
http_access allow no_filter_dst
http_reply_access deny !allow_mime_types richard2_src
[..]
############################################################
$ cat /etc/squid/nofilter.domains.txt
.xaq.nl
The MIME type filter is working properly. But if I visit
http://www.xaq.nl/ there is an swf file which should be blocked by the
"allow_mime_types". But as the domain is allowed in the rule above
"allow_mime_types", the "no_filter_dst", I'd expect that squid accepts
the swf on that particular page. But it is denied:
1364728671.633 7 92.68.12.178 TCP_DENIED/403 1532 GET http://www.xaq.nl/clock.swf - DIRECT/192.87.112.211 text/html
Why is that?
R.
-- 
It is better to remain silent and be thought a fool, than to speak aloud and remove all doubt.

Richard Lucassen, Utrecht
Public key and email address: http://contact.xaq.nl/

Received on Sun Mar 31 2013 - 11:22:00 MDT
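Added example, not part of the original post: a small Python model of the quoted first-match rule applied to the two directives shown above. Squid keeps `http_access` and `http_reply_access` as separate ordered lists, so a match in one does not end the search in the other. Assumptions: only the lines visible in the post are modelled, the swf reply is taken to carry `application/x-shockwave-flash`, and the extra `http_reply_access allow no_filter_dst` line in `EXEMPTED` is a suggested change, not the poster's config.

```python
import re

# Constructed model of the posted squid.conf lines (elided "[..]" parts are not modelled).
MIME_OK = [r"^text/.*", r"^image/.*", r"^text/plain", r"^text/html",
           r"^application/.*ms.*word.*", r"^application/.*ms.*excel.*",
           r"^application/.*pdf.*", r"^application/.*xml.*", r"^application/.*java.*"]

def in_domain(host, pattern):
    # dstdomain: a leading dot matches the domain itself and any subdomain.
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

ACLS = {
    "richard2_src": lambda tx: tx["client"] == "92.68.12.178",
    "no_filter_dst": lambda tx: in_domain(tx["host"], ".xaq.nl"),
    "allow_mime_types": lambda tx: any(re.search(p, tx["mime"], re.I) for p in MIME_OK),
}

def check(rules, tx):
    """Walk one directive's list: the first line whose ACLs all match decides."""
    for action, names in rules:
        # "!name" negates the ACL; every ACL on a line must match (logical AND).
        if all(ACLS[n.lstrip("!")](tx) != n.startswith("!") for n in names):
            return action
    # No line matched: the result is the opposite of the last line in this list.
    return "deny" if rules[-1][0] == "allow" else "allow"

POSTED = {
    "http_access": [("allow", ["no_filter_dst"])],
    "http_reply_access": [("deny", ["!allow_mime_types", "richard2_src"])],
}
# Assumed change: exempt the no-filter domains in the reply list too, ahead of the deny line.
EXEMPTED = dict(POSTED, http_reply_access=[("allow", ["no_filter_dst"])]
                + POSTED["http_reply_access"])

def verdict(config, tx):
    # Each directive is searched independently; both must allow for the reply to pass.
    return {d: check(config[d], tx) for d in ("http_access", "http_reply_access")}

# Constructed transaction for the logged request; the MIME type is an assumption.
SWF = {"client": "92.68.12.178", "host": "www.xaq.nl",
       "mime": "application/x-shockwave-flash"}
```

With the posted lines the request passes `http_access` but the reply is still denied by `http_reply_access`, which matches the TCP_DENIED/403 entry; the `text/html` in that log line is consistent with the error page being served in place of the swf.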