[squid-users] Block Certain Mime Types

From: Jeff Rigby <jrigby_at_databasepublish.com>
Date: Mon, 8 Jun 2009 14:16:03 -0400

Been at this for a few hours to no avail so I'd thought I turn to the
collective genius of this list.

I'm trying to block all connections to anything but images, text,
javascript, and CSS. I would like to reply with a 404 error. My server is
setup in Accel mode. Even blocking only text/html should be sufficient for
what I need.

I've tried many variations of the following but nothing seems to take. It
serves text/html just fine. I've tried:

acl allowext url_regex -i \.jpg$ \.png$ \.gif$ \.css$ \.js$
http_access allow !allowext
http_access deny !allowext

AND

acl blockmimeq req_mime_type -i ^text/html$
acl blockmimep rep_mime_type -i ^text/html$
http_access deny blockmimeq
http_reply_access deny blockmimep

with many variations/combos of those. Still no luck.

Here's my latest ACL in my config (not working)
# Basic ACLs
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl mydomain dstdomain .domain.com .static.com localhost
acl localnet src 10.0.0.0/16
acl Safe_ports port 80 # http
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access allow mydomain

#mime-types
acl blockmimeq req_mime_type -i ^text/html$
acl blockmimep rep_mime_type -i ^text/html$
http_access deny blockmimeq
http_reply_access deny blockmimep

http_access deny all
icp_access allow localnet
icp_access deny all

Any ideas?

Jeff
Received on Mon Jun 08 2009 - 18:16:08 MDT

This archive was generated by hypermail 2.2.0 : Thu Jun 11 2009 - 12:00:03 MDT