On Tue, 3 Feb 2004, Leon Dippenaar wrote: > Thank a million its much appreciated, that makes sense.. Now i think im > not getting my acl list the correct order quite correct because the MS > downloads are still being nailed , have a quick look below let me know > how bad the blunder is.... > > > acl trust src 172.16.1.145 > acl semi_trust src 172.16.2.245 > acl lan src 172.16.0.0/255.255.0.0 > acl ras src 172.17.1.0/255.255.255.0 > acl ftp proto FTP > acl download url_regex -i "/usr/local/squid/denydownload.txt" > acl download-allowed dstdomain .microsoft.com > acl porn url_regex "/usr/local/squid/etc/porn.txt" > acl noporn url_regex "/usr/local/squid/etc/noporn.txt"
ok. > > #####Trusted Users ####### > http_access allow porn trust > http_access allow ftp trust > http_access allow download trust These are more efficient if you list the ACLs in the opposite order. Simplest ACL first. Same functionality. http_access allow trust porn http_access allow trust ftp http_access allow trust download or maybe you want to simly allow everything for the trusted user: http_access allow trust > ##### Allowed Download sites ######### > http_access deny !download-allowed download lan > http_access deny !download-allowed download ras Ok from what I can tell. > ######Semi-Trusted####### > http_access allow porn semi_trust > ##### Semi-Trust DENY #### > http_access deny ftp semi_trust > http_access deny download semi_trust Are you sure it is not the above rules which blocks your downloads? > ######RAS Deny ######### > http_access deny porn ras > http_access deny ftp ras > http_access deny download ras Or these? > ##### LAN DENY ####### > http_access deny porn lan > http_access deny ftp lan > http_access deny download lan Or these? > ####### RAS Allow ######## > http_access allow ras > ######LAN Allow########### > http_access allow lan Ok. I would suggest you simplify your rules a bit. The above ruleset is inconsistent and have the download rules duplicated in several places. Regards Henrik
