RE: [squid-users] Allowing accidentally blocked sites

From: <squid3@dont-contact.us>
Date: Mon, 16 Jul 2007 09:25:33 +1200 (NZST)

<text re-sequenced>

> fre 2007-07-13 klockan 23:49 -0400 skrev administrador@cha.jovenclub.cu:
>> what i have in the squid.conf is something like this:
>>
>> acl porn url_regex -i "/etc/squid/porn"
>> acl allowed_site url_regex -i "/etc/squid/allowed"
>>
>> http_access deny porn
>
> replace the above with
>
> http_access deny !allowed_site porn
>
> Regards
> Henrik
>

> fre 2007-07-13 klockan 23:49 -0400 skrev administrador@cha.jovenclub.cu:
> If i do that, all clients will be allowed to Access these allowed sites
> without password or IPAddress verification. Considering that squid tries
> to
> find the first matching rule and doesn´t read any further. It will only
> reach that rule and ignore the rest of the access rules.

You are not entirely corrcet there.

Firstly, Squid will only allow sites if the "allow" permission is granted.
The ACL you were given was a DENY, it will at worst prevent access to a
site it shouldn't (the case you have right now).

Secondly, the ACL had two parts, BOTH must match before the rule is
considered. Thus is will fail to deny on any "allowed_sites" even if they
are "porn".

Also, please don't top-post.

Amos

>
> Administrador del Nodo C.Habana
> telefono: 863-1648
> web: www.ciudad.jovenclub.cu
> e-mail: administrador@cha.jovenclub.cu
>
> -----Mensaje original-----
> De: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
> Enviado el: sábado, 14 de julio de 2007 3:46
> Para: administrador@cha.jovenclub.cu
> CC: squid-users@squid-cache.org
> Asunto: Re: [squid-users] Allowing accidentally blocked sites
>
> fre 2007-07-13 klockan 23:49 -0400 skrev administrador@cha.jovenclub.cu:
>> I am filtering some porn sites using url_regex. I have some gneral
>> patterns in the file that block most of the bad sites but it also
>> blocks good sites which URLs contain those key words that are
>> registered in the url_regex file. I want to allow those sites
>> including safe internet navigation
>>
Received on Sun Jul 15 2007 - 15:25:36 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:03 MDT