Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[squid-users] Denied sites x Dynamic pages

2 views
Skip to first unread message

fe...@ig.com.br

unread,
Apr 29, 2002, 4:55:32 PM4/29/02
to

--Message-Boundary-1020113406
Content-type: text/plain; charset=US-ASCII
Content-description: Mail message body
Content-transfer-encoding: 7BIT

Hello All,

Thanks Simon and Edwin for your replies.

Please find attached my denied.txt which in fact I have downloaded from this
site..... For example, I can´t access www.squid-cache.org when I uncomment
the "http_access deny nosite" line......

Thanks once again.....

Fernanda


Em 29 Apr 2002, Simon White escreveu:

>29-Apr-02 at 13:19, fe...@ig.com.br (fe...@ig.com.br) wrote :
>> However, I still can´t make squid block properly certain sites as per the
>> instructions I´ve found. When I block them, there are some other dynamic
>> pages that are blocked as well, which are not intended to be blocked.
>
>> I am running Squid 2.4 Stable 1 on Linux Red Hat 7.2. Here it is an
> extract of my squid.conf file:
>>
>> hierarchy_stoplist cgi-bin ?
>> acl QUERY urlpath_regex cgi-bin \?
>> no_cache deny QUERY
>> acl rionet src 121.200.200.0/255.0.0.0
>> acl nosite url_regex "/usr/local/squid/etc/denied.txt"
>> #Deny access to certain sites
>> http_access deny nosite
>> #Allow access to our local network
>> http_access allow rionet
>> http_access allow localhost
>
>Can you send a small amount of the denied.txt file, since the actual
>regexps are in there. Dynamic pages are set to not be cached, but are not
>set to be blocked, in the config above.
>
>--
>[Simon White. vim/mutt. si...@mtds.com. GIMPS:95.16% see www.mersenne.org]
>If the brain was so simple that we could understand it, we would be so
>simple that we could not understand it -- Lyall Watson
>[Linux user #170823 http://counter.li.org. Home cooked signature rotator.]
>
>----------

_________________________________________________________________________
Você podia estar baixando sua musica predileta, enquanto lia esse e-mail.
Não perca tempo, tenha acesso rápido a internet com o Super iG.
http://registro.ig.com.br/superig

--Message-Boundary-1020113406
Content-type: text/plain; name="denied.txt"; type=Unknown
Content-description: denied.txt
Content-transfer-encoding: Quoted-printable
Content-disposition: attachment

3x=0D
adult=0D
amateur=0D
anzwers=0D
asian=0D
ass=0D
babe=0D
babes=0D
babilonx=0D
bizarre=0D
bizzarre=0D
blow=0D
blow=0D
boobs=0D
brunette=0D
celeb=0D
cicciolina=0D
coppie=0D
couple=0D
crazy=0D
cum=0D
denispenis=0D
dick=0D
dirty=0D
ebony=0D
eros=0D
erot=0D
extacy=0D
fetish=0D
fuck=0D
gay=0D
girl=0D
hard=0D
horny=0D
http://www.beckys-dungeon.com/=0D
http://www.call-kelly.com/=0D
http://www.digitalchicks.com/=0D
http://www.europix.com/=0D
http://www.extremethumbs.com/=0D
http://www.freepicsandmovies.com/=0D
http://www.heavyhotties.com/=0D
http://www.hotadventures.com=0D
http://www.hpic.com/=0D
http://www.libraryofthumbs.com/=0D
http://www.littlecinderella.com/=0D
http://www.mygrannys.com/=0D
http://www.peeclub.com/=0D
http://www.pervertedpix.com/=0D
http://www.realfreepics.com/=0D
http://www.serenagirl.com/=0D
http://www.suzi-wong.com/=0D
http://www.swedishcovergirl.com/=0D
http://www.troie.com/=0D
illegal=0D
interracial=0D
kamilla=0D
latin=0D
lesb=0D
livecam=0D
lolitas=0D
matur=0D
models=0D
movepost=0D
nasty=0D
nude=0D
picpost=0D
porn=0D
pregnant=0D
pussy=0D
pythonvideo=0D
schoolgirls=0D
sesso=0D
sex=0D
sheboy=0D
shemale=0D
suck=0D
teen=0D
tgirl=0D
tgp=0D
tits=0D
titties=0D
tranny=0D
video=0D
virgin=0D
vivid=0D
voyeur=0D
wives=0D
www.ampland.com=0D
www.bloatedgoat.com=0D
www.excyte.it =0D
www.freeheaven.com =0D
www.fuxx.com =0D
www.playboy.com =0D
www.figa.com
www.rednready.com =0D
xxx=0D

--Message-Boundary-1020113406--

Squid Support (Henrik Nordstrom)

unread,
May 1, 2002, 3:44:14 PM5/1/02
to
Figure out which of your regex patterns that are causing these other
pages to get blocked, and then review these to see if there is better
ways to block these not causing as many false matches.

regex is a very powerful pattern matching language, but writing
correct regex:es for filtering "bad" content is tricky at best. See
"man 7 regex" and "info regex" for regex language syntax. (Squid uses
what is called "Modern" or "Extended" regex).


Some goodies that is helpful when writing Squid filter patterns:

\. matches a dot (. matches any character)
\b matches a word boundary (some OS:es may require
--enable-gnu-regex)
^ and $ matches the start and end respectively of the string looked
at (^ is quite useful in url_regex, while $ is useful in dstdom_regex)
[] matches any of the characters between the brackets

Regards
Henrik


On Wednesday 01 May 2002 01:34, Fernanda Santos wrote:
> Hello All,
>
> Yes, I can block specific known sites using dstdomain, but I still
> have problems when blocking some words in the URL using
> url_regex... other pages are blocked as well...... Any other hint??
>
> Thanks,
>
> Fernanda
>
> On 30 Apr 2002, Squid Support (Henrik Nordstrom) wrote:
> >If your intention is to block specific known sites then using the
> >dstdomain (and dst) ACL types is more approproate..
> >
> >Regards
> >Henrik


> >
> >On Monday 29 April 2002 18:19, fe...@ig.com.br wrote:
> >> However, I still can´t make squid block properly certain sites
> >> as per the instructions I´ve found. When I block them, there are
> >> some other dynamic pages that are blocked as well, which are not
> >> intended to be blocked.
> >>
> >> I am running Squid 2.4 Stable 1 on Linux Red Hat 7.2. Here it is
> >> an extract of my squid.conf file:
> >>
> >> hierarchy_stoplist cgi-bin ?
> >> acl QUERY urlpath_regex cgi-bin \?
> >> no_cache deny QUERY
> >> acl rionet src 121.200.200.0/255.0.0.0
> >> acl nosite url_regex "/usr/local/squid/etc/denied.txt"
> >> #Deny access to certain sites
> >> http_access deny nosite
> >> #Allow access to our local network
> >> http_access allow rionet
> >> http_access allow localhost
> >>

> >> Thanks in advance for your help.
> >>
> >> Fernanda Santos

--
MARA Systems AB, Giving you basic free Squid support
Your source of advanced web reverse proxying solutions
http://www.marasystems.com/producs/

fe...@ig.com.br

unread,
May 2, 2002, 11:59:00 AM5/2/02
to
Hello All!

Thanks Henrik for your patience.... I wondered the same thing about the
regex patterns in my denied.txt file. So, I deleted everything in it and
left only one word which was "ig" (without quotation marks). Then I tried to
access www.ig.com.br and received an Access Denied msg. Perfect! However, I
received the same error msg when accessing www.squid-cache.org...... I am
really confused about it...... the only thing I can noticed is that the
unintended blocked pages are mostly asp or cgi-bin.....

Can be something wrong with regex?? Where can I find more details about it?

Thanks a lot!!

Fernanda

0 new messages