[squid-users] allowing zip only for a specific url regex

robert k Wild robertkwild at gmail.com
Tue May 5 13:39:41 UTC 2020 

Thanks Amos,

so how would I allow these urls with a wild card then

Http://domain.com/path/1/to/any/where

Http://domain.com/path/2/to/any/where

Would I do this

Http://domain.com/path/*

Thanks,
Rob

On Tue, 5 May 2020, 14:04 Amos Jeffries, <squid3 at treenet.co.nz> wrote:

> On 6/05/20 12:42 am, robert k Wild wrote:
> > cool thanks Amos :)
> >
> > if your interested these are my lines in my config
> >
> > #allow special URL paths
> > acl special_url url_regex "/usr/local/squid/etc/urlspecial.txt"
> >
> > #deny MIME types
> > acl mimetype rep_mime_type "/usr/local/squid/etc/mimedeny.txt"
> > http_reply_access allow special_url
>
> The above is wrong. It is allowing by URL, regardless of the mime type.
>
> > http_reply_access deny mimetype
> >
>
> That is the opposite of your stated requirement. It will *prevent* the
> mime type check from identifying downloads in the special_url.
>
> A better way to write the above policy would be:
>
>   http_reply_access deny !special_url mimetype
>
>
> Also, be aware that http_reply_access denial only prevents the download
> reaching the client. It still has to be fully downloaded by Squid - lots
> of bandwidth and processing cycles wasted.
>  If you are blocking traffic by URL do that in http_access instead.
>
>
> > urlspecial.txt
> >
> > http://updater.maxon.net/server_test
> > http://updater.maxon.net/customer/R21.0/updates15
> > http://updater.maxon.net/customer/general/updates15
> > ^http://ccmdl.adobe.com/AdobeProducts/KCCC/1/win64/packages/.*
> > ^http://ccmdl.adobe.com/AdobeProducts/KCCC/1/osx10/packages/.*
> > ^http://www.eztitles.com/download.php?
> > ^https://attachments.office.net/owa/.*
> >
>
> Do not put .* on the end of regex patterns. That only forces the regex
> library to scan longer than necessary and waste memory.
>
> Also this pattern:
>
>  ^http://www.eztitles.com/download.php?
>
> actually means:
>
>  ^http://www.eztitles.com/download.ph
>
> ('?' is a regex special character. Like '*' it is deceptively harmful at
> the start or end of a pattern)
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200505/073bf800/attachment.html>

More information about the squid-users mailing list