RE: [squid-users] acl deny versus acl allow?
Hi, Ok, well you were all right! Unfortunately I didn't know that the allow acl had to be above the deny. Ive used this and it works like a charm. acl misc_allow_list url_regex -i /etc/squid/block/misc_allow.list http_access allow misc_allow_list acl misc_block_list url_regex -i /etc/squid/block/misc_block.list http_access deny misc_block_list Thanks all! Roger -Original Message- From: Jeff Gerard [mailto:[EMAIL PROTECTED] Sent: 18 November 2008 07:31 To: squid-users@squid-cache.org Subject: Re: [squid-users] acl deny versus acl allow? My apologies...I misinterpreted what you said. I thought you meant deny should not be used at all - Original Message - From: Amos Jeffries Date: Monday, November 17, 2008 9:33 pm Subject: Re: [squid-users] acl deny versus acl allow? To: Jeff Gerard Cc: squid-users@squid-cache.org Jeff Gerard wrote:BR Can you clarify this? I have looked through the FAQ and there is plenty of reference to using deny and I can't see any mention of replacing deny with allow. You can write either: http_access deny something or http_access allow something not both on the same line. To quote straight from that FAQ page: Q: How do I allow my clients to use the cache? A: Define an ACL that corresponds to your client's IP addresses. Next, allow those clients in the http_access list. For example: acl myclients src 172.16.5.0/24 http_access allow myclients and more relevant to your stated example: Q: How do I implement an ACL ban list? A: ..., Another way is to deny access to specific servers which are known to hold recipes. For example: acl Cooking2 dstdomain www.gourmet-chef.com http_access deny Cooking2 http_access allow all Amos Thanks The word 'deny' is fully replaced with the word 'allow'. Please read and understand the FAQ on ACL before continuing with your testing: http://wiki.squid-cache.org/SquidFaq/SquidAcl Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2 --- Jeff Gerard -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2 --- Jeff Gerard
Re: [squid-users] acl deny versus acl allow?
On mån, 2008-11-17 at 15:25 +, Roger Thomas wrote: Hi, This is my first time posting to the mailing list, but I just wanted to know whether anyone knew how to do the below: I use the following to block a list of words from URL’s: acl misc_block_list url_regex -i /etc/squid/block/misc_block.list http_access deny misc_block_list I am trying to allow certain words, so for example, the word sex is in the block list, but I want the word sussex to be allowed. I have created another file called misc_allow.list but I’m not sure how to tell it to allow. I presumed something like this: acl misc_allow_list url_regex -i /etc/squid/block/misc_allow.list http_access allow deny misc_allow_list Hint 1: You can negate acls with ! Hint 2: You only need a single deny line. Regards Henrik signature.asc Description: This is a digitally signed message part
[squid-users] acl deny versus acl allow?
Hi, This is my first time posting to the mailing list, but I just wanted to know whether anyone knew how to do the below: I use the following to block a list of words from URLs: acl misc_block_list url_regex -i /etc/squid/block/misc_block.list http_access deny misc_block_list I am trying to allow certain words, so for example, the word sex is in the block list, but I want the word sussex to be allowed. I have created another file called misc_allow.list but Im not sure how to tell it to allow. I presumed something like this: acl misc_allow_list url_regex -i /etc/squid/block/misc_allow.list http_access allow deny misc_allow_list this doesnt work though. It says: If anyone can help, I would really appreciate it! Thank you all in advance, Regards, Roger [EMAIL PROTECTED]
Re: [squid-users] acl deny versus acl allow?
Roger Thomas wrote: Hi, This is my first time posting to the mailing list, but I just wanted to know whether anyone knew how to do the below: I use the following to block a list of words from URL’s: acl misc_block_list url_regex -i /etc/squid/block/misc_block.list http_access deny misc_block_list I am trying to allow certain words, so for example, the word sex is in the block list, but I want the word sussex to be allowed. I have created another file called misc_allow.list but I’m not sure how to tell it to allow. I presumed something like this: acl misc_allow_list url_regex -i /etc/squid/block/misc_allow.list http_access allow deny misc_allow_list this doesn’t work though. The word 'deny' is fully replaced with the word 'allow'. Please read and understand the FAQ on ACL before continuing with your testing: http://wiki.squid-cache.org/SquidFaq/SquidAcl Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2
Re: [squid-users] acl deny versus acl allow?
Can you clarify this? I have looked through the FAQ and there is plenty of reference to using deny and I can't see any mention of replacing deny with allow. Thanks The word 'deny' is fully replaced with the word 'allow'.BR Please read and understand the FAQ on ACL before continuing with your testing: http://wiki.squid-cache.org/SquidFaq/SquidAcl Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2 --- Jeff Gerard
Re: [squid-users] acl deny versus acl allow?
Jeff Gerard wrote: Can you clarify this? I have looked through the FAQ and there is plenty of reference to using deny and I can't see any mention of replacing deny with allow. You can write either: http_access deny something or http_access allow something not both on the same line. To quote straight from that FAQ page: Q: How do I allow my clients to use the cache? A: Define an ACL that corresponds to your client's IP addresses. Next, allow those clients in the http_access list. For example: acl myclients src 172.16.5.0/24 http_access allow myclients and more relevant to your stated example: Q: How do I implement an ACL ban list? A: ..., Another way is to deny access to specific servers which are known to hold recipes. For example: acl Cooking2 dstdomain www.gourmet-chef.com http_access deny Cooking2 http_access allow all Amos Thanks The word 'deny' is fully replaced with the word 'allow'.BR Please read and understand the FAQ on ACL before continuing with your testing: http://wiki.squid-cache.org/SquidFaq/SquidAcl Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2 --- Jeff Gerard -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2
Re: [squid-users] acl deny versus acl allow?
My apologies...I misinterpreted what you said. I thought you meant deny should not be used at all - Original Message - From: Amos Jeffries Date: Monday, November 17, 2008 9:33 pm Subject: Re: [squid-users] acl deny versus acl allow? To: Jeff Gerard Cc: squid-users@squid-cache.org Jeff Gerard wrote:BR Can you clarify this? I have looked through the FAQ and there is plenty of reference to using deny and I can't see any mention of replacing deny with allow. You can write either: http_access deny something or http_access allow something not both on the same line. To quote straight from that FAQ page: Q: How do I allow my clients to use the cache? A: Define an ACL that corresponds to your client's IP addresses. Next, allow those clients in the http_access list. For example: acl myclients src 172.16.5.0/24 http_access allow myclients and more relevant to your stated example: Q: How do I implement an ACL ban list? A: ..., Another way is to deny access to specific servers which are known to hold recipes. For example: acl Cooking2 dstdomain www.gourmet-chef.com http_access deny Cooking2 http_access allow all Amos Thanks The word 'deny' is fully replaced with the word 'allow'. Please read and understand the FAQ on ACL before continuing with your testing: http://wiki.squid-cache.org/SquidFaq/SquidAcl Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2 --- Jeff Gerard -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2 --- Jeff Gerard