Re: [squid-users] Allowing downloads from certain sites

Fri, 29 Jun 2012 04:51:31 -0700 

On 29/06/2012 11:02 p.m., Edmonds Namasenda wrote:

Shastri, try the below

Assume...
1. Preventing Downloads File (nodowns.txt) has the following
\.msi$
\.exe$
\.zip$
\.etc$

2. Trusted Sites File (goodsites.txt) has the following
*.*microsoft*.com*
*.*windows*.com*
*.*etc*.com*.com*


WTF? Does regex even accept that?

*.*microsoft*.com*
==> (zero or more 'nothings')(zero or more characters)(the text "microsof")(zero or more 't' characters)(any single character)(thetext "co")(zero or more 'm' characters) 

Don't you mean this?
  \.microsoft\.com
  \.windows\.com
  \.etc\.com\.com


Or perhapse the better version:

  acl goodsites dstdomain .microsoft.com .windows.com .etc.com.com



3. Accompanying ACLs for files above
acl nodowns urlpath_regex -i "/path_to/nodowns.txt" # With quotation marks
acl goodsites dstdomains -i "/path_to/goodsites.txt" # With quotation marks

4. Controlling Rule
http_access deny nodowns !goodsites # Put it above any "allow" rule

The above is my thinking, and I could do with correction.

# Edmonds
Pretty much. The problem is that Chaitanya supplied no details about their config. Could be much simpler or much more complicated. 

Amos



On Fri, Jun 29, 2012 at 12:30 PM, Chaitanya Shastri wrote:

Hi Amos,

    I have acl rules for preventing downloads on client machines. So a
client cannot download any file (for example, .exe, .zip .. etc ) on
his/her machine.
What I want is that all clients should be able to download any type of
file from certain trusted domain.
In short I want to allow a domain in my squid configuration from which
any client can download any type of file.

Thanks.

On Fri, Jun 29, 2012 at 1:15 PM, Amos Jeffries wrote:

On 29/06/2012 6:10 p.m., Chaitanya Shastri wrote:

Hi list,

    Is it possible to allow downloads from certain trusted sites?  I
tried using the url_regex acl to list certain trusted sites from which
our users can download any file.

    Ex. acl allow_downloads url_regex -i ^http:\/\/example\.com
          http_reply_access allow allow_downloads localnet  # where
localnet is my LAN range

    But its not working. Any ideas on how to get it work?

Thanks.


Any idea what is blocking them from working in the first place?

Amos

Reply via email to