Note

The letter d is equivalent to mtwhf in meaning "all the days of the working week."

Notice that there are two http_access lines for the newssites category: one for worktime and one for freetime. This is because all the conditions must be matched for a line to be matched. Alternatively, you can write this:

http_access allow newssites worktime freetime

However, if you do that and someone visits news.bbc.co.uk at 2:30 p.m. (14:30) on a Tuesday, Squid will work like this:

Is the site in the newssites category? Yes, continue.

• Is the time within the worktime category? Yes, continue.

• Is the time within the freetime category? No; do not match rule, and continue searching for rules.

It is because of this that two lines are needed for the worktime category.

One particularly powerful way to filter requests is with the url_regex ACL line. This allows you to specify a regular expression that is checked against each request: If the expression matches the request, the condition matches.

For example, if you want to stop people downloading Windows executable files, you would use this line:

acl noexes url_regex -i exe$

The dollar sign means "end of URL," which means it would match http://www.somesite.com/virus.exe but not http://www.executable.com/innocent.html. The -i part means "not case-sensitive," so the rule will match .exe, .Exe, .exe, and so on. You can use the caret sign (A) for "start of URL."

For example, you could stop some pornography sites using this ACL:

acl noporn url_regex -i sex

Do not forget to run the kill -sighup command each time you make changes to Squid; otherwise, it will not reread your changes. You can have Squid check your configuration files for errors by running squid -k parse as root. If you see no errors, it means your configuration is fine.

Was this article helpful?

0 0

Post a comment