Marco Simon wrote:
>
> some solutions can be so easy...
> The Problem was the missing redirect-line...
>
> But anyway:
> It seems as if I had missunderstood the following
> lines:
> default
> { pass !blacklist none
> redirect http://myurl
> }
>
> What I thougt it means:
> If no other rule fits, then pass nothing, but the domains given by
> blacklist.
> What happens effectively:
> All URL's are passed, but the ones which are written in blacklist/domains
>
> Where is my thinking-mistake ?!
squidGuard capabilities are defined (limited) by Squid's redirector
interface. squidGuard's response must be either a blank line
(approved), or a new URL that the user should be redirected to.
squidGuard cannot "block", it can only "redirect", and it cannot
redirect without a redirect statement telling it where to send
them.
The acl statement 'pass !blacklist none' will have the same end
result as 'pass none', but it will take a little longer to get there
(because it will deny URLs in blacklist before it denies everything).
The statement is interpreted as follows:
pass !blacklist (nothing in blacklist) none (nothing)
Here are a couple of acl statements that logically make more sense:
pass allowed (anything in allowed) none (nothing)
pass !adult (nothing in adult) all (anything)
I prefer to use the default acl as the catch-all - any transaction
that makes it to the default acl is from an unknown user or device,
so my default acl is almost always 'pass none'.
Rick
