Re: [squid-users] ACL help: blocking non-html objects from particular domains

From: Craig Skinner <craig.skinner@dont-contact.us>
Date: Mon, 15 Oct 2007 14:23:15 +0100

On Mon, Oct 15, 2007 at 12:04:41AM +1300, Amos Jeffries wrote:
> It should work. What does cache.log / access.log say when (3) is used?
>

Thanks for the help, I'll work on dstdomains next, logs below:

###################################

acl our_networks src 127.0.0.1/32
http_access allow our_networks
acl suspect-domains dstdom_regex "/etc/squid/suspect-domains.acl"
acl ok-mime-types rep_mime_type -i ^text/html$
http_access allow suspect-domains ok-mime-types
http_access deny all

The request GET http://www.example.com/ is DENIED, because it matched 'all'
TCP_DENIED/403 1375 GET http://www.example.com/ - NONE/- text/html

###################################

acl our_networks src 127.0.0.1/32
http_access allow our_networks
acl suspect-domains dstdom_regex "/etc/squid/suspect-domains.acl"
acl ok-mime-types rep_mime_type -i ^text/html$
http_access deny suspect-domains !ok-mime-types
http_access allow suspect-domains
http_access deny all

The request GET http://www.example.com/ is DENIED, because it matched 'ok-mime-types'
TCP_DENIED/403 1375 GET http://www.example.com/ - NONE/- text/html
Received on Mon Oct 15 2007 - 07:23:27 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:01 MDT