Re: Fw: [squid-users] Not able to access specific web sites.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 10 Dec 2002 17:44:30 +0100

tor 2002-11-28 klockan 15.27 skrev Manjunath:
> Hello All,
>
> I am forwarding this mail again as I did not get any response, I searched
> the FAQ & web and tried everything still I am not able to solve this, Please
> help me
>
> I have put http_access allow noporn before porn as below in squid.conf
>
> http_access allow noporn all localnet localhost
> http_access deny porn all

It is usually easier to write these rules as a deny rule alone, such as

http_access deny !noporn porn

A more complete configuration is show below, using 3 different acls for
porn blocking

  1 url_regex for "porn" expressions
  1 dstdomain for known "porn" domains
  1 dstdomain for known "not porn" domains

Note that you must be very careful when writing your porn expressions to
make sure the regex patterns only match what you intend to match, or
else your "not porn" domains list will grow really large by time..

Using another url_regex to negate the effect of a url_regex is not
really feasible. You should refine the regex expressions of the first
instead.

# Allow manager from adminhosts only (webservers where
# cachemgr.cgi runs)
acl adminhosts src 127.0.0.1 192.168.1.54 ...
http_access allow manager adminhosts
http_access deny manager

# Deny unsafe ports
http_access deny CONNECT !SSL_Ports
http_access deny !CONNECT !Safe_Ports

# Deny porn
acl porn_expressions url_regex "/path/to/porn_expressions.txt"
acl porn_domains dstdomain "/path/to/porn_domains.txt"
acl noporn_domains dstdomain "/path/to/noporn_domains.txt"
http_access deny !noporn_domains porn_expressions
http_access deny porn_domains

# Allow access from our users
acl localnet src 192.168.1.0/24 ...
http_access allow localnet

Regards
Henrik
Received on Tue Dec 10 2002 - 09:44:38 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:02 MST