Stewart James wrote:
>
> I figured it out. I had also added an iplist to the chat definitions,
> I entered them with CIDR notation, which I thought SG could handle.
> I have not had a chance to see what I did wrong there yet, but once
> I removed the iplist definitions from the chat definitions things
> started working as it expected. All I can figure is the faulty
> iplist made SG skip over the chat definitions.
I'm glad to hear that you got it working. I thought I might toss out a
few thoughts that might help with your follow-up research.

You said:
> "I had also added an iplist to the chat definitions..."

and previously:
> pass !anonmail !chat exceptions !proxy !mail .<snip>.. !labs all

Based on your acl, "chat" exists as a destination group:
--------------------------------------------------------
The source group specification "iplist" is not valid as a destination
group specification, and will cause squidGuard to go into emergency mode
(logged in squidGuard.log).

IP addresses may be added to the "domains" and "urls" files.

"!in-addr" can be used in your acl to force domain names (prohibiting
IP addresses).

If "chat" also exists as a source group:
----------------------------------------
"added an iplist" suggests one or more source group specifications
already exist. Please note that within a source group definition, the
logical operator between specifications is AND.

(I would find it very confusing to duplicate names between source and
destination groups.)

Hope that helps!
Rick

> Thanks for your advice though.
>
> Cheers,
>
> Stewart
>
> On Mon, 2004-05-10 at 23:23, Michael Wray wrote:
> > if the domain is broken down into machine names anywhere in the domains
> > list, (i.e. somewhere in the same override list you have yahoo.com and
> > msgs.yahoo.com) then it expects you to specify each group of machine names.
> > (i.e. it'll match any URL with msgs.yahoo.com in it..but ONLY
> > yahoo.com/whatever for yahoo.com....not messenger.yahoo.com, chat.yahoo.com)
> > if that's what you really want to match, be sure that ONLY yahoo.com is in
> > the domain lists...any other specifics should go in the URL list. (i.e.
> > specific blocks.)
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Stewart James
> > Sent: Monday, May 10, 2004 1:36 AM
> > To: [EMAIL PROTECTED]
> > Subject: acl evaluation
> >
> >
> > Hi all,
> >
> > I am trying to get something that I thought should work working :)
> > (aren't we all)
> >
> > I have a rule something like:
> > pass !anonmail !chat exceptions !proxy !mail !gambling !porn !warez
> > !labs all
> >
> > Now, here is what is blowing up on me. One of the blacklists I get lists
> > yahoo.com as a mail site. I simply throw yahoo.com into the exceptions
> > domain list, and now it is allowed.
> >
> > The problem. I have msg.yahoo.com (and shttp.msg.yahoo.com) in my chat
> > domains, which as you can see is before the exceptions list, now I
> > thought first match won, so in my logic the shttp.msg.yahoo.com
> > should now be hit before the yahoo.com exception is matched.
> >
> > What is even stranger is that the anonmailer domains list includes
> > mail.yahoo.com, and this works fine. Can anyone think of any gotchas I
> > might be overlooking, this is really starting to give me a nice little
> > headache.
> >
> > Thanks,
> >
> > Stewart James
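
An added example, not part of the thread and not squidGuard's own code: a small Python check that scans a squidGuard.conf for the two issues raised in the reply above, an "iplist" (or "ip") line inside a destination group and a name shared by a source and a destination group. The sample configuration, its paths and the lint() function are constructed for illustration, and the parser assumes simple one-level src/dest blocks.

```python
import re

# Constructed sample config (not from the thread): the "chat" destination
# group carries an iplist line, and "chat" is also used as a source group.
SAMPLE_CONF = """\
dbhome /var/lib/squidguard/db
src chat {
    ip 10.1.0.0/16
}
dest chat {
    domainlist chat/domains
    urllist    chat/urls
    iplist     chat/ips      # source-only keyword
}
dest exceptions {
    domainlist exceptions/domains
}
"""

BLOCK_RE = re.compile(r"^(src|source|dest|destination)\s+(\S+).*\{$")
SOURCE_ONLY = {"ip", "iplist"}  # source group specifications

def lint(conf_text):
    """Return (line_no, message) findings for a squidGuard.conf text."""
    findings, kind, name = [], None, None
    seen = {"src": {}, "dest": {}}
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        m = BLOCK_RE.match(line)
        if m:
            kind = "src" if m.group(1).startswith("s") else "dest"
            name = m.group(2)
            seen[kind][name] = no
            other = "dest" if kind == "src" else "src"
            if name in seen[other]:
                findings.append((no, f"'{name}' is both a source and a destination group"))
        elif line.startswith("}"):
            kind = None                        # left the current block
        elif kind == "dest" and line.split()[0] in SOURCE_ONLY:
            findings.append((no, f"'{line.split()[0]}' is not valid in destination group '{name}'"))
    return findings

if __name__ == "__main__":
    for no, msg in lint(SAMPLE_CONF):
        print(f"line {no}: {msg}")
```

Running a check like this before reloading Squid catches the misconfiguration before squidGuard reports emergency mode in squidGuard.log.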
