[squid-users] Question regarding how to set an acl to not being DENIED

Hi ALL,

I have this config and I’m trying to block Msn and other kind of
downloads(IE windows media and mp3).
But I would like to leave one rule to allow all pages without any
restriction or authentication for Directors and another VIP users.

I have only two acls that I would like to behave in this way: exclusivo and
whitelist.
But even I’m allowing two acls they got denied by these acls mimeblockqreq,
mimeblockqreq and useragent.
Any Idea ?

Many thanks, Leon.

acl ldapvarig proxy_auth REQUIRED

acl varigsite src "/usr/local/squid/etc/acls/varigsite"

acl ip_unico max_user_ip -s 1

acl deny_range src "/usr/local/squid/etc/acls/deny_range"
acl proxy_distribuidos src "/usr/local/squid/etc/acls/proxy_distribuidos"

acl ips_varig src "/usr/local/squid/etc/acls/ips_varig"

acl blacklist url_regex -i "/usr/local/squid/etc/acls/blacklist"
acl whitelist url_regex -i "/usr/local/squid/etc/acls/whitelist"
acl download urlpath_regex -i "/usr/local/squid/etc/acls/download"
acl mimeblockqreq req_mime_type -i "/usr/local/squid/etc/acls/mimeblock"
acl mimeblockqrep rep_mime_type -i "/usr/local/squid/etc/acls/mimeblock"
acl useragent browser -i "/usr/local/squid/etc/acls/useragent"

acl to_varignet dst 57.32.0.0/255.255.0.0

acl sita_aero dstdomain .sita.aero

acl exclusivo proxy_auth -i "/usr/local/squid/etc/acls/exclusivo1"

http_access allow varigsite
http_reply_access allow exclusivo

http_access allow ips_varig whitelist
http_access allow !deny_range whitelist
http_access allow proxy_distribuidos whitelist
http_reply_access allow ips_varig whitelist
http_reply_access allow !deny_range whitelist
http_reply_access allow proxy_distribuidos whitelist

http_access allow ips_varig to_varignet
http_access allow !deny_range to_varignet
http_access allow proxy_distribuidos to_varignet
http_reply_access allow ips_varig to_varignet
http_reply_access allow !deny_range to_varignet
http_reply_access allow proxy_distribuidos to_varignet

http_access allow proxy_distribuidos sita_aero
http_reply_access allow proxy_distribuidos sita_aero

http_access allow exclusivo
http_reply_access allow exclusivo

http_access deny ldapvarig ip_unico

http_access deny useragent
http_access deny mimeblockqreq
http_reply_access deny mimeblockqreq
http_access deny mimeblockqrep
http_reply_access deny mimeblockqrep
http_reply_access deny blacklist
http_access deny blacklist

http_access allow ips_varig !blacklist !download ldapvarig

http_access allow !deny_range !blacklist !download ldapvarig

#To deny_info work
#http_access deny blacklist

#To deny_info work
http_access deny download

#To deny_info work
http_access deny deny_range

#To deny_info work
http_access deny proxy_distribuidos

# And finally deny all other access to this proxy
http_access deny all

_________________________________________________________________
MSN Messenger: converse com os seus amigos online.
http://messenger.msn.com.br
Received on Mon Nov 08 2004 - 12:02:08 MST