>those won't do anything, use http_reply_access instead of http_access, >to deal with mime-types
I attached "partial acl" to this email only for example, infact in real squid.conf there is also http_reply_access to deal with deal mime-types. But do you suggest to use both https_access and http_reply_access, or only http_access directive ? > acl nosoundnovid rep_mime_type audio video This acl 'rep_mime_type audio video' contains all mime type of video audio streams ?! I have to add ' req_mime_type audio video' too ? >are you sure that you need to filter requests instead of reply here ? I answered you in first point. -----Messaggio originale----- Da: Erwann PENCREACH [mailto:erwann.pencre...@ch-chaumont.fr] Inviato: Friday, August 14, 2009 8:12 AM A: squid-users@squid-cache.org Oggetto: Re: [squid-users] acl order Hi Riccardo Castellani a écrit : > If create these entries in squid.conf: > > acl wwwebay dstdomain www.ebay.com > acl wwwcons dstdomain demo.consortium.com > acl emmepitre url_regex ^http://.*\.mp3 > acl msnmessq req_mime_type -i ^application/x-msn-messenger$ > acl msnmessp rep_mime_type -i ^application/x-msn-messenger$ > acl audiosp rep_mime_type -i ^audio/wav$ > acl videosp req_mime_type -i ^application/x-shockwave-flash$ > acl streaming_mediap rep_mime_type ^video/x-ms-asf > acl streaming_mediap rep_mime_type ^audio/mpeg > acl streaming_mediap rep_mime_type ^audio/x-scpls > acl streaming_mediap rep_mime_type ^video/x-flv > > http_access allow user2 > http_access allow user3 > http_access deny msnmessp > http_access deny audiosp > http_access deny videosp > http_access deny streaming_mediap > those won't do anything, use http_reply_access instead of http_access, to deal with mime-types http_access allow user1 wwwebay > http_access allow user1 wwwcons > http_access deny wwwebay > http_access allow user4 > ... > ... > ... > http_access allow user100 > http_access deny all > # > http_reply_access allow user2 > http_reply_access allow user3 > http_reply_access deny msnmessp > http_reply_access deny audiosp > http_reply_access deny videosp > http_reply_access deny streaming_mediap > http_reply_access allow all > > > In this case, I'd like: > > user2+3 can access to everything. > User1 can access only to www.ebay.com > User4 to user 100 can access everything except msnmessp, audiosp, videosp, > streaming_mediap, wwwebay, wwwcons. > > > What's order on which rules are scanned from squid ? from top to bottom > What do you think about my schema criteria ? - your audio and video filtering are not exaustive, I prefer using : acl nosoundnovid rep_mime_type audio video - are you sure that you need to filter requests instead of reply here ? acl msnmessq req_mime_type -i ^application/x-msn-messenger$ acl videosp req_mime_type -i ^application/x-shockwave-flash$ > > -- > Ce courrier électronique a été vérifié et est exempt de virus connus à ce jour. > Contactez votre administrateur pour plus de renseignement. > postmas...@ch-chaumont.fr -- Ce courrier ÿlectronique a ÿtÿ vÿrifiÿ et est exempt de virus connus ÿ ce jour. Contactez votre administrateur pour plus de renseignement. postmas...@ch-chaumont.fr
