Re: Filter out Sex... Sites from Nguyen Dang Phuoc Dong on 1998-10-16 (squid-users)

From: Nguyen Dang Phuoc Dong <dongnd@dont-contact.us>
Date: Fri, 16 Oct 1998 20:59:43 +0700

-----Original Message-----
From: Dan <Dan@Elrond.Gimli.com>
To: Nguyen Dang Phuoc Dong <dongnd@tlnet.com.vn>; squid-users@ircache.net
<squid-users@ircache.net>
Date: Friday, October 16, 1998 7:52 PM
Subject: Re: Filter out Sex... Sites

>Hi,
>And why such circuit does not work? SquidPatch2
>acl sex-stop dstdomain playboy.com sex.com hotsex.com
>http_access deny sex-stop
>any ideas....?
>bye Dan

Because the http_access rules is searched from the beginning to the end of
the list and the first match is applied. Suppose that I have two http_access
rules as follow:

acl LOCAL src 172.16.0.0/255.255.0.0
http_access allow LOCAL

acl sex-stop dstdomain playboy.com sex.com hotsex.com
http_access deny sex-stop

Then the LOCAL user can access playboy.com, sex.com or hotsex.com because
their computer IP address match the first rules. Therefore, the second rules
is bypass.

Is this your situation?

Dong
Received on Fri Oct 16 1998 - 08:09:21 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:32 MST