[squid-users] Correct order of acl rules?
Walter H.
Walter.H at mathemainzel.info
Fri Feb 6 19:19:04 UTC 2015
Hello,
my squid.conf contains the following lines - in this order ...
acl allow_urlpaths urlpath_regex -i
"/etc/squid/allowurlpaths-regex-acl.squid"
acl block_urlpaths urlpath_regex -i
"/etc/squid/blockurlpaths-regex-acl.squid"
acl allow_urls url_regex -i "/etc/squid/allowurls-regex-acl.squid" <--
acl block_urls url_regex -i "/etc/squid/blockurls-regex-acl.squid" <--
acl allow_domains_list dstdomain "/etc/squid/allowdomains-list-acl.squid"
acl block_domains_list dstdomain "/etc/squid/blockdomains-list-acl.squid"
acl block_domains_listex dstdomain
"/etc/squid/blockdomains-listex-acl.squid"
acl allow_domains_regex dstdom_regex -i
"/etc/squid/allowdomains-regex-acl.squid"
acl block_domains_regex dstdom_regex -i
"/etc/squid/blockdomains-regex-acl.squid"
deny_info ERR_URL_BLOCKED block_urlpaths
deny_info ERR_URL_BLOCKED block_urls
deny_info ERR_DOMAIN_BLOCKED block_domains_list
deny_info ERR_DOMAIN_BLOCKED block_domains_listex
deny_info ERR_DOMAIN_BLOCKED block_domains_regex
http_access allow allow_urlpaths
http_access deny block_urlpaths
http_access allow allow_urls <--
http_access deny block_urls <--
http_access allow allow_domains_list
http_access deny block_domains_list
http_access deny block_domains_listex
http_access allow allow_domains_regex
http_access deny block_domains_regex
I marked 4 lines and I get a quite strange - or correct - behaviour ...
the file blockurls-regex-acl.squid
contains e.g.
^http:\/\/s[0-9]\.domain\.tld\/
the file allowurls-regex-acl.squid
contains e.g.
^http:\/\/s[1-2]+\.domain\.tld\/[a-z0-9\_\-\.]+\.gif
the purpose should be, that only gif images of root directory of only
the subdomains beginning with s1 or s2 of domain.tld should be allowed
the following url is blocked
http://s2443.domain.tld/ghfhfhf.gif
why?
Thanks,
Walter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5971 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150206/c8be98fa/attachment-0001.bin>
More information about the squid-users
mailing list