Re: [squid-users] YAALQ

From: Alex Crow <alex_at_nanogherkin.com>
Date: Sun, 31 Mar 2013 12:38:10 +0100

You have allowed the http request to the site, but you have denied the
reply. http_access and http_reply_access are different rule types.

If you add an "http_reply_access allow no_filter_dest" above the last
rule I think it will work.

Thanks

Alex

On 31/03/13 12:21, richard lucassen wrote:
> Hello list, Yet Another Access List Question.
>
> As the doc says:
>
> "Access list rules are checked in the order they are written. List
> searching terminates as soon as one of the rules is a match."
>
> Well, that's quite clear I'd say. But why isn't this working properly:
>
> ############################################################
> acl richard2_src 92.68.12.178
>
> [..]
> acl no_filter_dst dstdomain "/etc/squid/nofilter.domains.txt"
>
> acl allow_mime_types rep_mime_type -i ^text/.* ^image/.*
> ^text/plain ^text/html ^application/.*ms.*word.*
> ^application/.*ms.*excel.* ^application/.*pdf.* ^application/.*xml.*
> ^application/.*java.*
>
> [..]
>
> http_access allow no_filter_dst
> http_reply_access deny !allow_mime_types richard2_src
> [..]
> ############################################################
>
> $ cat /etc/squid/nofilter.domains.txt
> .xaq.nl
>
> The MIME type filter is working properly. But if I visit
> http://www.xaq.nl/ there is an swf file which should be blocked by the
> "allow_mime_types". But as the domain is allowed in the rule above
> "allow_mime_types", the "no_filter_dst", I'd expect that squid accepts
> the swf on that particular page. But it is denied:
>
> 1364728671.633 7 92.68.12.178 TCP_DENIED/403 1532 GET
> http://www.xaq.nl/clock.swf - DIRECT/192.87.112.211 text/html
>
> Why is that?
>
> R.
>
Received on Sun Mar 31 2013 - 11:38:17 MDT
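
Added example (not part of the original thread, and not Squid's own code): a simplified Python model of the two rule lists discussed above, showing why the request to www.xaq.nl is allowed while the swf reply is still denied, and how an http_reply_access allow line placed before the deny changes the result. It uses the ACL name no_filter_dst as defined in the quoted config; the MIME list is a subset of the quoted one, and the helper names and the swf MIME type are assumptions.

```python
import re

# Constructed stand-ins for the quoted squid.conf (simplified model, not Squid code).
NO_FILTER_DOMAINS = [".xaq.nl"]  # contents of /etc/squid/nofilter.domains.txt
ALLOWED_MIME = [r"^text/.*", r"^image/.*", r"^application/.*pdf.*"]  # subset

def dstdomain(host, patterns):
    # A leading dot matches the domain itself and any subdomain.
    return any(host == p.lstrip(".") or (p.startswith(".") and host.endswith(p))
               for p in patterns)

ACLS = {
    "richard2_src": lambda tx: tx["src"] == "92.68.12.178",
    "no_filter_dst": lambda tx: dstdomain(tx["host"], NO_FILTER_DOMAINS),
    "allow_mime_types": lambda tx: any(re.search(p, tx["mime"], re.I)
                                       for p in ALLOWED_MIME),
}

def check(rules, tx):
    """Evaluate one non-empty rule list: first matching line wins, and every
    ACL named on a line must match ("!" negates an ACL)."""
    for action, names in rules:
        if all(ACLS[n.lstrip("!")](tx) != n.startswith("!") for n in names):
            return action
    # No line matched: the result is the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# The request list and the reply list are separate and checked independently.
HTTP_ACCESS = [("allow", ["no_filter_dst"])]
REPLY_ORIGINAL = [("deny", ["!allow_mime_types", "richard2_src"])]
REPLY_FIXED = [("allow", ["no_filter_dst"])] + REPLY_ORIGINAL

def verdict(reply_rules, tx):
    """Return (request decision, reply decision) for one transaction."""
    return check(HTTP_ACCESS, tx), check(reply_rules, tx)

# Constructed transaction modelled on the quoted access.log line.
SWF = {"src": "92.68.12.178", "host": "www.xaq.nl",
       "mime": "application/x-shockwave-flash"}

if __name__ == "__main__":
    print("original:", verdict(REPLY_ORIGINAL, SWF))
    print("fixed:   ", verdict(REPLY_FIXED, SWF))
```

In the fixed list the allow line only short-circuits replies from the listed domains; replies from any other host still reach the MIME deny line.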
