Re: [squid-users] http_access conundrum

From: Christoph Haas <[email protected]>
Date: Wed, 19 Oct 2005 20:47:06 +0200

On Wednesday 19 October 2005 17:46, Tomas Palfi wrote:
> I am using external authentication ldap, where on a group basis I am
> blocking file extensions such as \.exe$ \.zip$ etc. Members of this
> group are restricted from downloading executable and zip files.
>
> Now, I have a number of users which are using client software which
> needs to be regularly updated by exe files from the internet. I would
> like to allow those users to be able to access the exe files from the
> nominated sites only. I created another group for them and tried to
> exclude them from the exe ban list for the specific sites only.
>
> Existing rules:
>
> acl internet_access6 external ldap_group Access-Exe-Bacs
> acl exe-bacs dstdomain "/usr/local/squid/var/exe-sites.tp" - these are
> the domains I would like those exe files from, but nowhere else!
>
>
> acl internet_access3 external ldap_group Access-Internet
> acl word-control url_regex -i "/usr/local/squid/var/word-control.tp"
> acl site-control dstdomain "/usr/local/squid/var/site-control.tp"
> acl download urlpath_regex \.exe$ \.zip$
>
>
> I can either block or no site at all.

You didn't tell us which http_access statements you tried. Very much sounds
like a wrong order of http_access lines.

> PRIVACY & CONFIDENTIALITY
>
> This e-mail is private and confidential.

Why do you post it to a public mailing list then?

Regards
 Christoph

-- 
~
~
".signature" [Modified] 1 line --100%--                1,48         All
Received on Wed Oct 19 2005 - 12:47:05 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:04 MST