Re: [squid-users] squid access rules .. anyone got anything to add

From: Henrik Nordstrom <[email protected]>
Date: Thu, 11 Mar 2004 19:30:23 +0100 (CET)

All of these url_regex should be dstdomain_regex

acl msnoverhttp dstdomain_regex -i messenger.*\.[^.]*$

and you probably want to be a little more specific on the domain names..
things like .*msg.*\.<tld> mathes quite broadly...

Regards
Henrik

On Thu, 11 Mar 2004, Michael Gale wrote:

> Hello,
>
> I have the following squid acl and would like to know if anyone has anything to
> add to it.
>
> ##### Block messenger web sites
> acl msnoverhttp url_regex -i e-messenger
> acl msnoverhttp url_regex -i ^http://.*messenger.*\.com
> acl msnoverhttp url_regex -i ^http://.*messenger.*\.ca
> acl msnoverhttp url_regex -i ^http://.*messenger.*\.us
> acl msnoverhttp url_regex -i ^http://.*messenger.*\.info
> acl msnoverhttp url_regex -i ^http://.*messenger.*\.cn
> acl msnoverhttp url_regex -i ^http://.*messenger.*\.org
> acl msnoverhttp url_regex -i ^http://.*messenger.*\.net
> acl msnoverhttp url_regex -i ^http://.*messenger.*\.biz
> acl msnoverhttp url_regex -i ^http://.*messenger.*\.fi
> acl msnoverhttp url_regex ^http://.*msg.*\.com
> acl msnoverhttp url_regex ^http://.*msg.*\.ca
> acl msnoverhttp url_regex ^http://.*msg.*\.us
> acl msnoverhttp url_regex ^http://.*msg.*\.info
> acl msnoverhttp url_regex ^http://.*msg.*\.cn
> acl msnoverhttp url_regex ^http://.*msg.*\.org
> acl msnoverhttp url_regex ^http://.*msg.*\.net
> acl msnoverhttp url_regex ^http://.*msg.*\.biz
> acl msnoverhttp url_regex ^http://.*msg.*\.fr
> acl msnoverhttp url_regex -i ^http://.*\.AIM.*
> acl msnoverhttp url_regex -i ^http://.*AIM\..*
> acl msnoverhttp url_regex -i ^http://.*wbmsn.*\.com
> acl msnoverhttp url_regex -i ^http://.*wbmsn.*\.ca
> acl msnoverhttp url_regex -i ^http://.*wbmsn.*\.us
> acl msnoverhttp url_regex -i ^http://.*wbmsn.*\.info
> acl msnoverhttp url_regex -i ^http://.*wbmsn.*\.cn
> acl msnoverhttp url_regex -i ^http://.*wbmsn.*\.org
> acl msnoverhttp url_regex -i ^http://.*wbmsn.*\.net
> acl msnoverhttp url_regex -i ^http://.*wbmsn.*\.biz
> acl msnoverhttp url_regex -i ^http://.*wbmsn.*\.fr
> acl msnoverhttp url_regex ^http://64\.12\.163\.136
> http_access deny msnoverhttp
>
> ##### AIM / MSN domains
> acl baddomains dstdom_regex -i .*\.blue\.aol\.com
> http_access deny baddomains
>
> ##### Downloads
> acl download rep_mime_type ^.*video.*
> acl download rep_mime_type ^.*audio.*
> http_reply_access deny download
>
> ##### Block MSN Messenger
> acl msnmessenger url_regex -i gateway.dll
> http_access deny msnmessenger
>
> ##### Block AOL and YAHOO
> acl aolyahoo dstdomain login.oscar.aol.com
> acl aolyahoo dstdomain pager.yahoo.com
> acl aolyahoo dstdomain shttp.msg.yahoo.com
> acl aolyahoo dstdomain update.messenger.yahoo.com
> acl aolyahoo dstdomain update.pager.yahoo.com
> http_access deny aolyahoo
>
> ##### Mime blocking
> ##### Blocking reqested mine types
> acl mimeblockq req_mime_type ^application/x-msn-messenger$
> acl mimeblockq req_mime_type ^app/x-hotbar-xip20$
> acl mimeblockq req_mime_type ^application/x-icq$
> acl mimeblockq req_mime_type ^.*AIM.*
> acl mimeblockq req_mime_type ^application/x-comet-log$
> acl mimeblockq req_mime_type ^application/x-pncmd$
>
> ##### Blocking sent mime types
> acl mimeblockp rep_mime_type ^application/x-msn-messenger$
> acl mimeblockp rep_mime_type ^app/x-hotbar-xip20$
> acl mimeblockp rep_mime_type ^application/x-icq$
> acl mimeblockp rep_mime_type ^.*AIM.*
> acl mimeblockp rep_mime_type ^.*AIM/HTTP
> acl mimeblockp rep_mime_type ^application/x-comet-log$
> acl mimeblockp rep_mime_type ^application/x-pncmd$
>
> ##### Setting Access controls
> http_access deny mimeblockq
> http_reply_access deny mimeblockp
>
>
>
>
Received on Thu Mar 11 2004 - 11:30:29 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST