[squid-users] Time-Based Download Restrictions
Edmonds Namasenda
namasenda at gmail.com
Mon Nov 30 14:56:20 UTC 2015
Greetings.
I want to deny access to certain downloads (in str-med.txt) during "WorkHrs"
This is failing miserably as this is not achieved.
Please look through my files (squid.conf and str-med.txt) below for
pointers to rectify this. Thanks in advance
### Start squid.conf ###
acl office-net src 10.10.2.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl WorkHrs time MTWHF 08:29-12:59
acl WorkHrs time MTWHFA 14:00-16:59
## Wrong Files and URLS
acl malice dstdomain -i "/etc/squid/malware.acl"
acl porn dstdomain -i "/etc/squid/xxx.acl"
acl ads dstdomain -i "/etc/squid/ads.acl"
acl proxies dstdomain -i "/etc/squid/proxies.acl"
acl nostr urlpath_regex -i "/etc/squid/str-med.txt"
http_access deny nostr WorkHrs
http_reply_access deny nostr WorkHrs
http_access deny !Safe_ports
http_access deny ads
http_access deny porn
http_access deny malice
http_access deny proxies
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow office-net all
# Allow localhost always proxy functionality
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
error_directory /usr/share/squid/errors/en
icp_access allow office-net
icp_access deny all
htcp_access allow office-net
htcp_access deny all
http_port 10.10.2.10:3128 intercept
http_port 127.0.0.1:3127
hierarchy_stoplist cgi-bin ?
cache_mem 400 MB
cache_dir aufs /var/cache/squid 20000 16 256
coredump_dir /var/cache/squid
access_log /var/log/squid/access.log squid
minimum_object_size 512 bytes
maximum_object_size_in_memory 10 MB
refresh_pattern http://.*\.windowsupdate\.microsoft\.com/ 0 80% 20160
reload-into-ims
refresh_pattern http://.*\.update\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://download\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://windowsupdate\.microsoft\.com/ 0 80% 20160
reload-into-ims
refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://.*\.office\.net/ 0 80% 20160 reload-into-ims
refresh_pattern http://.*\.windowsupdate\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://.*\.youtube\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://.*\.espnfc\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://.*\.kaspersky\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://.*\.mozilla\.net/ 0 80% 20160 reload-into-ims
refresh_pattern http://.*\.mozilla\.org/ 0 80% 20160 reload-into-ims
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$
10080 90% 43200 ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200
override-expire ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200
override-expire ignore-no-cache ignore-auth ignore-reload
ignore-no-cache store-stale
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200
override-expire ignore-no-cache ignore-auth store-stale
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200
override-expire ignore-no-cache ignore-auth store-stale
logfile_rotate 7
debug_options rotate=1
quick_abort_min -1 KB
maximum_object_size 4 GB
acl youtube dstdomain .youtube.com
cache allow youtube
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 0% 4320
dns_nameservers 8.8.8.8 8.8.4.4
visible_hostname TheOffice
icp_port 3130
### End squid.conf ###
### Start str-med.txt
\.flv(\?.*)?$
\.(avi|mp4|mov|m4v|mkv|flv)(\?.*)?$
\.(mpg|mpeg|mp3|avi|mov|flv|wmv|mkv|rmvb)(\?.*)?$
\.exe(\?.*)$
\.(msi|cab|mar)(\?.*)$
\.torrent(\?.*)$
\.txt(\?.*)$
\.(afx|asf)(\?.*)?$
\.swf(\?.*)?$
### End str-med.txt
--
Namasenda I. P. Edmonds
More information about the squid-users
mailing list