[squid-users] http_access conundrum

From: Tomas Palfi <[email protected]>
Date: Wed, 19 Oct 2005 16:46:44 +0100

To all,

I am using external authentication ldap, where on a group basis I am
blocking file extensions such as \.exe$ \.zip$ etc. Members of this
group are restricted from downloading executable and zip files.

Now, I have a number of users which are using client software which
needs to be regularly updated by exe files from the internet. I would
like to allow those users to be able to access the exe files from the
nominated sites only. I created another group for them and tried to
exclude them from the exe ban list for the specific sites only.

Existing rules:

acl internet_access6 external ldap_group Access-Exe-Bacs
acl exe-bacs dstdomain "/usr/local/squid/var/exe-sites.tp" - these are
the domains I would like those exe files from, but nowhere else!

acl internet_access3 external ldap_group Access-Internet
acl word-control url_regex -i "/usr/local/squid/var/word-control.tp"
acl site-control dstdomain "/usr/local/squid/var/site-control.tp"
acl download urlpath_regex \.exe$ \.zip$

I can either block or no site at all.

Many thanks for your help

Tomas

--
tp
PRIVACY & CONFIDENTIALITY
This e-mail is private and confidential.  If you have, or suspect you have received this message in error please notify the sender as soon as possible and remove from your system.  You may not copy, distribute or take any action in reliance on it. Thank you for your co-operation.
Please note that whilst best efforts are made, neither the company nor the sender accepts any responsibility for viruses and it is your responsibility to scan the email and attachments (if any).
This e-mail has been automatically scanned for viruses by MessageLabs.
Received on Wed Oct 19 2005 - 09:47:24 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:04 MST