Re: [squid-users] acl deny versus acl allow?
On mån, 2008-11-17 at 15:25 +, Roger Thomas wrote: > Hi, > > This is my first time posting to the mailing list, but I just wanted to know > whether anyone knew how to do the below: > > I use the following to block a list of words from URL’s: > > acl misc_block_list url_regex -i "/etc/squid/block/misc_block.list" > http_access deny misc_block_list > > I am trying to allow certain words, so for example, the word sex is in the > block list, but I want the word sussex to be allowed. > I have created another file called misc_allow.list but I’m not sure how to > tell it to allow. I presumed something like this: > > acl misc_allow_list url_regex -i "/etc/squid/block/misc_allow.list" > http_access allow deny misc_allow_list Hint 1: You can negate acls with ! Hint 2: You only need a single deny line. Regards Henrik signature.asc Description: This is a digitally signed message part
RE: [squid-users] acl deny versus acl allow?
Hi, Ok, well you were all right! Unfortunately I didn't know that the allow acl had to be above the deny. Ive used this and it works like a charm. acl misc_allow_list url_regex -i "/etc/squid/block/misc_allow.list" http_access allow misc_allow_list acl misc_block_list url_regex -i "/etc/squid/block/misc_block.list" http_access deny misc_block_list Thanks all! Roger -Original Message- From: Jeff Gerard [mailto:[EMAIL PROTECTED] Sent: 18 November 2008 07:31 To: squid-users@squid-cache.org Subject: Re: [squid-users] acl deny versus acl allow? My apologies...I misinterpreted what you said. I thought you meant "deny" should not be used at all - Original Message - From: Amos Jeffries Date: Monday, November 17, 2008 9:33 pm Subject: Re: [squid-users] acl deny versus acl allow? To: Jeff Gerard Cc: squid-users@squid-cache.org > Jeff Gerard wrote:> > Can you clarify this? I have looked through the FAQ and there > is plenty of reference to using "deny" and I can't see any > mention of replacing "deny" with "allow". > > > > You can write either: > http_access deny something > or > http_access allow something > > not both on the same line. > > To quote straight from that FAQ page: > " > Q: How do I allow my clients to use the cache? > A: Define an ACL that corresponds to your client's IP addresses. > Next, allow those clients in the > http_access list. > > For example: > acl myclients src 172.16.5.0/24 > http_access allow myclients > " > > and more relevant to your stated example: > > " > Q: How do I implement an ACL ban list? > A: ..., Another way is to deny access to specific servers which > are > known to hold recipes. > > For example: > acl Cooking2 dstdomain www.gourmet-chef.com > http_access deny Cooking2 > http_access allow all > " > > Amos > > > Thanks > > > >> The word 'deny' is fully replaced with the word > 'allow'. > > >> Please read and understand the FAQ on ACL before continuing > with > >> your > >> testing: > >> http://wiki.squid-cache.org/SquidFaq/SquidAcl > >> > >> Amos > >> -- > >> Please be using > >> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 > >> Current Beta Squid 3.1.0.2 > >> > > > > --- > > Jeff Gerard > > > -- > Please be using > Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 > Current Beta Squid 3.1.0.2 > --- Jeff Gerard
Re: [squid-users] acl deny versus acl allow?
My apologies...I misinterpreted what you said. I thought you meant "deny" should not be used at all - Original Message - From: Amos Jeffries Date: Monday, November 17, 2008 9:33 pm Subject: Re: [squid-users] acl deny versus acl allow? To: Jeff Gerard Cc: squid-users@squid-cache.org > Jeff Gerard wrote:> > Can you clarify this? I have looked through the FAQ > and there > is plenty of reference to using "deny" and I can't see any > mention of replacing "deny" with "allow". > > > > You can write either: > http_access deny something > or > http_access allow something > > not both on the same line. > > To quote straight from that FAQ page: > " > Q: How do I allow my clients to use the cache? > A: Define an ACL that corresponds to your client's IP addresses. > Next, allow those clients in the > http_access list. > > For example: > acl myclients src 172.16.5.0/24 > http_access allow myclients > " > > and more relevant to your stated example: > > " > Q: How do I implement an ACL ban list? > A: ..., Another way is to deny access to specific servers which > are > known to hold recipes. > > For example: > acl Cooking2 dstdomain www.gourmet-chef.com > http_access deny Cooking2 > http_access allow all > " > > Amos > > > Thanks > > > >> The word 'deny' is fully replaced with the word > 'allow'. > > >> Please read and understand the FAQ on ACL before continuing > with > >> your > >> testing: > >> http://wiki.squid-cache.org/SquidFaq/SquidAcl > >> > >> Amos > >> -- > >> Please be using > >> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 > >> Current Beta Squid 3.1.0.2 > >> > > > > --- > > Jeff Gerard > > > -- > Please be using > Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 > Current Beta Squid 3.1.0.2 > --- Jeff Gerard
Re: [squid-users] acl deny versus acl allow?
Jeff Gerard wrote: Can you clarify this? I have looked through the FAQ and there is plenty of reference to using "deny" and I can't see any mention of replacing "deny" with "allow". You can write either: http_access deny something or http_access allow something not both on the same line. To quote straight from that FAQ page: " Q: How do I allow my clients to use the cache? A: Define an ACL that corresponds to your client's IP addresses. Next, allow those clients in the http_access list. For example: acl myclients src 172.16.5.0/24 http_access allow myclients " and more relevant to your stated example: " Q: How do I implement an ACL ban list? A: ..., Another way is to deny access to specific servers which are known to hold recipes. For example: acl Cooking2 dstdomain www.gourmet-chef.com http_access deny Cooking2 http_access allow all " Amos Thanks The word 'deny' is fully replaced with the word 'allow'.> Please read and understand the FAQ on ACL before continuing with your testing: http://wiki.squid-cache.org/SquidFaq/SquidAcl Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2 --- Jeff Gerard -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2
Re: [squid-users] acl deny versus acl allow?
Can you clarify this? I have looked through the FAQ and there is plenty of reference to using "deny" and I can't see any mention of replacing "deny" with "allow". Thanks > The word 'deny' is fully replaced with the word 'allow'.> > Please read and understand the FAQ on ACL before continuing with > your > testing: > http://wiki.squid-cache.org/SquidFaq/SquidAcl > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 > Current Beta Squid 3.1.0.2 > --- Jeff Gerard
Re: [squid-users] acl deny versus acl allow?
Roger Thomas wrote: Hi, This is my first time posting to the mailing list, but I just wanted to know whether anyone knew how to do the below: I use the following to block a list of words from URL’s: acl misc_block_list url_regex -i "/etc/squid/block/misc_block.list" http_access deny misc_block_list I am trying to allow certain words, so for example, the word sex is in the block list, but I want the word sussex to be allowed. I have created another file called misc_allow.list but I’m not sure how to tell it to allow. I presumed something like this: acl misc_allow_list url_regex -i "/etc/squid/block/misc_allow.list" http_access allow deny misc_allow_list this doesn’t work though. The word 'deny' is fully replaced with the word 'allow'. Please read and understand the FAQ on ACL before continuing with your testing: http://wiki.squid-cache.org/SquidFaq/SquidAcl Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2