[squid-users] Question regarding how to set an acl to not being DENIED

L E O N Mon, 08 Nov 2004 11:02:10 -0800

Hi ALL,

I have this config and I�m trying to block Msn and other kind of downloads(IE windows media and mp3). But I would like to leave one rule to allow all pages without any restriction or authentication for Directors and another VIP users.

I have only two acls that I would like to behave in this way: exclusivo and whitelist. But even I�m allowing two acls they got denied by these acls mimeblockqreq, mimeblockqreq and useragent. Any Idea ?

Many thanks, Leon.


acl ldapvarig proxy_auth REQUIRED


acl varigsite src "/usr/local/squid/etc/acls/varigsite"

acl ip_unico max_user_ip -s 1

acl deny_range src "/usr/local/squid/etc/acls/deny_range"
acl proxy_distribuidos src "/usr/local/squid/etc/acls/proxy_distribuidos"

acl ips_varig src "/usr/local/squid/etc/acls/ips_varig"

acl blacklist url_regex -i "/usr/local/squid/etc/acls/blacklist"
acl whitelist url_regex -i "/usr/local/squid/etc/acls/whitelist"
acl download urlpath_regex -i "/usr/local/squid/etc/acls/download"
acl mimeblockqreq req_mime_type -i "/usr/local/squid/etc/acls/mimeblock"
acl mimeblockqrep rep_mime_type -i "/usr/local/squid/etc/acls/mimeblock"
acl useragent browser -i "/usr/local/squid/etc/acls/useragent"

acl to_varignet dst 57.32.0.0/255.255.0.0

acl sita_aero dstdomain .sita.aero

acl exclusivo proxy_auth -i "/usr/local/squid/etc/acls/exclusivo1"

http_access allow varigsite
http_reply_access allow exclusivo

http_access allow ips_varig whitelist
http_access allow !deny_range whitelist
http_access allow proxy_distribuidos whitelist
http_reply_access allow ips_varig whitelist
http_reply_access allow !deny_range whitelist
http_reply_access allow proxy_distribuidos whitelist

http_access allow ips_varig to_varignet
http_access allow !deny_range to_varignet
http_access allow proxy_distribuidos to_varignet
http_reply_access allow ips_varig to_varignet
http_reply_access allow !deny_range to_varignet
http_reply_access allow proxy_distribuidos to_varignet

http_access allow proxy_distribuidos sita_aero
http_reply_access allow proxy_distribuidos sita_aero

http_access allow exclusivo
http_reply_access allow exclusivo

http_access deny ldapvarig ip_unico

http_access deny useragent
http_access deny mimeblockqreq
http_reply_access deny mimeblockqreq
http_access deny mimeblockqrep
http_reply_access deny mimeblockqrep
http_reply_access deny blacklist
http_access deny blacklist

http_access allow ips_varig !blacklist !download ldapvarig

http_access allow !deny_range !blacklist !download ldapvarig

#To deny_info work
#http_access deny blacklist

#To deny_info work
http_access deny download

#To deny_info work
http_access deny deny_range

#To deny_info work
http_access deny proxy_distribuidos

# And finally deny all other access to this proxy
http_access deny all

_________________________________________________________________ MSN Messenger: converse com os seus amigos online. http://messenger.msn.com.br

[squid-users] Question regarding how to set an acl to not being DENIED

Reply via email to