[squid-users] ACL ordering in squid.conf

From: Dayo Adewunmi <contactdayo_at_gmail.com>
Date: Sun, 13 Dec 2009 18:36:40 +0100

Hi all

I was wondering if there needs to be any consideration that needs to be taken
when it comes to ordering ACLs. My first block is a group of ACLs determining
access to various sites. The block after that (further down the file) are the
ACLs for the delay pools.

Is there a chance that some users won't even get to the delay pools ACLs, thus
not being throttled?

acl academic01 time MTWHFAS 08:00-20:00
acl ok-sites url_regex (chess\.com|feedproxy\.google\.com|actubenin\.com|dictionnaire.tv5.org|eliteinternationalcareers\.com|opensuse\.org|users\.aust-abuja\.org|reddit\.com|hmusick)
http_access allow ok-sites
acl media-sites url_regex -i (bollywood|espn|game|movie|movies|music|musik|premiership|premierleague|radio|\.tv|\/tv|tube|torrent|video)
acl torrents url_regex -i (torrent|mininova)
http_access deny torrents
acl warez-sites url_regex -i (warez|share|sharing)
acl unblocker-sites url_regex -i (bypass|hide|unblock|proxie|proxy)
http_access allow ausnahme warez-sites
http_access allow ausnahme media-sites
http_access allow ausnahme unblocker-sites

http_access deny academic01 warez-sites
http_access deny academic01 media-sites
http_access deny academic01 unblocker-sites

acl lan-servers dst 192.168.0.0/24
acl lan-unknown dst 192.168.1.0/24
acl lan-known2 dst 192.168.2.0/24
acl lan-known3 dst 192.168.3.0/24
acl lan-ams dst 192.168.4.0/24
acl lan-mdl dst 192.168.5.0/24
acl lan-students dst 191.168.6.0/24

acl bad-downloads url_regex -i \.(mp(3|4|g|eg?)|exe|vqf|rpm|zip|avi|qt|ra?m|iso|raw|wav|wmv)$
acl pdf-downloads url_regex -i \.pdf$
acl url-words url_regex -i (ictp\.it|\://ftp\.)
acl ftp-downloads proto FTP

delay_pools 6
delay_initial_bucket_level 95

delay_class 1 1
delay_parameters 1 -1/-1
delay_access 1 allow lan-servers
delay_access 1 deny all

delay_class 2 1
delay_parameters 2 14000/14000
delay_access 2 allow lan-unknown bad-downloads
delay_access 2 allow lan-unknown ftp-downloads
delay_access 2 allow lan-unknown
delay_access 2 deny all
.
.
.
.

Best regards

Dayo
Received on Sun Dec 13 2009 - 17:37:07 MST
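
Added example, not part of the original post and not Squid code: a small Python model of the two rule lists in the configuration above, following the squid.conf documentation (http_access: the first matching line decides, and if none matches the default is the opposite of the last line; delay_access: the first pool whose list allows the request is used). It shows that the two lists are evaluated independently, while order matters inside each. Assumptions: the regex patterns are shortened, the undefined `ausnahme` rules are left out, and the request fields (`url`, `dst`, `hour`) and function names are hypothetical.

```python
import ipaddress
import re

def rx(pattern, flags=re.I):
    """url_regex: unanchored search over the whole URL (-i by default)."""
    p = re.compile(pattern, flags)
    return lambda r: bool(p.search(r["url"]))

def dst_in(cidr):
    """dst: the request's destination IP lies inside the given network."""
    net = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_address(r["dst"]) in net

# Subset of the posted ACLs with shortened patterns (assumption).
# 'ausnahme' is not defined on the page, so its rules are omitted.
ACLS = {
    "ok-sites": rx(r"(chess\.com|opensuse\.org|reddit\.com)", 0),
    "torrents": rx(r"(torrent|mininova)"),
    "media-sites": rx(r"(movie|music|radio|tube|video)"),
    "academic01": lambda r: 8 <= r["hour"] < 20,
    "lan-servers": dst_in("192.168.0.0/24"),
    "lan-unknown": dst_in("192.168.1.0/24"),
    "all": lambda r: True,
}
HTTP_ACCESS = [("allow", ["ok-sites"]), ("deny", ["torrents"]),
               ("deny", ["academic01", "media-sites"])]
DELAY_ACCESS = {1: [("allow", ["lan-servers"]), ("deny", ["all"])],
                2: [("allow", ["lan-unknown"]), ("deny", ["all"])]}

def first_match(rules, req):
    """Action of the first rule whose ACLs all match (AND), else None."""
    for action, names in rules:
        if all(ACLS[n](req) for n in names):
            return action
    return None

def http_access(req):
    verdict = first_match(HTTP_ACCESS, req)
    if verdict is None:  # no line matched: opposite of the last line
        verdict = "allow" if HTTP_ACCESS[-1][0] == "deny" else "deny"
    return verdict

def delay_pool(req):
    """Pools are tried in numeric order; the first that allows wins."""
    for pool in sorted(DELAY_ACCESS):
        if first_match(DELAY_ACCESS[pool], req) == "allow":
            return pool
    return None  # no pool matched: the request is not delayed

def evaluate(req):
    """(http_access verdict, delay pool or None); denied requests get no pool."""
    verdict = http_access(req)
    return verdict, (delay_pool(req) if verdict == "allow" else None)
```

In this model a request allowed by the very first `http_access` line is still checked against every `delay_access` list; it goes unthrottled only when no pool's list allows it.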
