Craig Skinner wrote:
> I'm attempting to use ACLs to block non-HTML objects from particular
> domains. i.e: users should be able to see the html, but not the images.
>
> Tried various forms of and always end up will all or nothing:
>
> acl suspect-domains dstdom_regex "/etc/squid/suspect-domains.acl"
please, PLEASE use dstdomain instead of regex.
> acl ok-mime-types rep_mime_type -i ^text/html$
> acl ok-mime-types rep_mime_type -i text/html
First match falls inside the second. One of them is redundant.
>
> # 1
> #http_access allow ok-mime-types
> #http_access allow suspect-domains
allow mime types + allow suspect domains
--- you wanted blocking. no blocking there.
>
> # 2
> #http_access allow suspect-domains ok-mime-types
better, and should work if you have no other allows' involving
suspect-domains.
>
> # 3
> #http_access deny suspect-domains !ok-mime-types
> #http_access allow suspect-domains
This (3) should be working. It's exactly what you specified as your
requirements above. Maybe to be extra paranoid "allow suspect-domains
ok-mime-types', but not strictly needed.
>
> http_access deny all
>
> What am I missing here?
Nothing that I can see from those.
It should work. What does cache.log / access.log say when (3) is used?
Amos
Received on Sun Oct 14 2007 - 05:04:49 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:01 MDT