Re: [squid-users] url_regex problem.

I think your main problem is in understanding the logics of http_access.
The way you comine allow/deny looks very suspicious, making very strange
logics....

Try something like the following:

# Unrestricted users
http_access allow ssi
http_access allow eccezioni

# Block bad content
http_access deny !goodurl badurl
http_access deny !goodurl badmime

# Allow our users access
http_access allow utenti
http_access allow localhost

# Deny all others access
http_access deny all

or like the following:

# Unrestricted users
http_access allow ssi
http_access allow eccezioni

# Deny everyone except our users
http_access deny !utenti !localhost

# Allow access to good sites (exceptions to blocking)
http_access allow goodurl

# Block bad content
http_access deny badurl
http_access deny badmime

# Allow access to everythig else
http_access allow all

Regards
Henrik Nordström
Squid Hacker

> Federico wrote:
>
> url_regex is as powerful as danger in building ACLs.
>
> I've this problem:
>
> I use this series of ACLs:
>
> acl utenti src 192.168.0.0/255.255.224.0 <--- Normal Users
>
> acl ssi src 192.168.5.0/27 <--- IT Office
>
> acl eccezioni src "/usr/squid/data/eccezioni" <--- CTO, Bosses etc.
> etc.
>
> acl goodurl url_regex -i "/usr/squid/data/goodurl" <-- url that are in
> badlist, but must be accessed
>
> acl badurl url_regex -i "/usr/squid/data/badurl" <--- blacklist
>
> acl badmime url_regex -i "/usr/squid/data/badmime" <--- mimelist
>
>
>
> then I apply the ACLs in this order:
>
> http_access allow ssi <--- To allow all the IT Office to access
> Internet without any limitation
>
> http_access allow eccezioni <--- To Allow User Exception to access
> Internet without any limitation
>
> http_access allow goodurl <--- url that are in badlist, but must be
> accessed
>
> http_access deny badurl <--- url that are in badlist, NOT to be
> accessed
>
> http_access deny badmime <--- Blocking Downloads....
>
> http_access allow utenti <--- Allow Users...
>
> http_access allow localhost <--- Allow Localhost connection..
>
> http_access deny all <--- Finalizing...
>
> The problem is that I MUST put EACH SITE in the "goodurl" to make it
> work...
>
> Other problem... in some examples... such as www.kempten.de... the
> site work correctly... but the browser doesn't load any image, if I
> put "kempten" in "goodurl" the browser loads images...
>
> I attach my acl file and my squid.conf, if someone want to help me....
Received on Tue Nov 20 2001 - 10:10:27 MST