Hi !
Something that could help you because it's simplier (IMHO) to manage
ACLs, is SquidGuard.
I use it and find it Extremely good.
Matching a rule with or without excerptions, is just a matter of typing
the word/url/address you are considering to ban/allow.
Regards
Valter
Reale Marco wrote:
Why confused?
Becuase this morning I discovered that the word causing "access denied" is "Pene"; this
word is contained in acl "bad_word_content_type":
acl bad_word_content_type url_regex -i sesso culo culi tette nudo nuda seno
seni PENE cazzo cazzi teen figa webtv streaming tvgratis
Reading log you can see:
2006/11/16 12:41:44| The request GET
http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TTJV2/$file/banner_vialomellina2.gif
is ALLOWED, because it matched 'DomainUsers'
2006/11/16 12:41:44| The reply for GET
http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TTJV2/$file/banner_vialomellina2.gif
is ALLOWED, because it matched 'all'
2006/11/16 12:41:44| The request GET
http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VKNZM/$file/banner_dirittiinfanzia.gif
is ALLOWED, because it matched 'DomainUsers'
2006/11/16 12:41:44| The reply for GET
http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VKNZM/$file/banner_dirittiinfanzia.gif
is ALLOWED, because it matched 'all'
2006/11/16 12:41:44| The request GET
http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VDMS9/$file/multe1.gif
is DENIED, because it matched 'Proxy_Internet_Ts'
2006/11/16 12:41:44| The reply for GET
http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6VDMS9/$file/multe1.gif
is ALLOWED, because it matched 'Proxy_Internet_Ts'
2006/11/16 12:41:44| The request GET
http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TDA43/$file/mozart.gif
is DENIED, because it matched 'Proxy_Internet_Ts'
2006/11/16 12:41:44| The reply for GET
http://www.comune.milano.it/webcity/portale/homepage.nsf/wAll/DSEV-6TDA43/$file/mozart.gif
is ALLOWED, because it matched 'Proxy_Internet_Ts'
2006/11/16 12:41:44| The request GET
http://www.comune.milano.it/home/css/home.css is ALLOWED, because it matched
'DomainUsers'
..............
..............
Is possibile to have in access.log "blocked by bad_word_content_type" acl? Or
something similar?
Reading log I see ALLOWED,DENY,ALLOWED,DENY....but this didn't help me. Also because, for
example, "DENIED, because it matched 'Proxy_Internet_Ts'" apparently doesn't
have any sense (at least in this case)
Thanks
-----Messaggio originale-----
Da: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Inviato: giovedì 16 novembre 2006 18.07
A: Reale Marco
Cc: [email protected]
Oggetto: Re: [squid-users] Squid: What is wrong in myacl????
tor 2006-11-16 klockan 16:59 +0100 skrev Reale Marco:
I'll briefly try to explain:
1) visiting www.comune.milano.it the user/credential pop-up was shown
to me I tried to increase debug_option but it didn't help me because
log was confused
In what sense was it confused?
"The request .. is DENIED because it matched acl XXX" says the last acl on the
http_access line which denied access. or the first encountered acl requiring
authentication if the request was not authenticated.
"The reply for .." lines says what happened in http_reply_access.
Regards
Henrik
