关键字： sqluid 禁止下载 .exe

前一阵，想通过squid代理实现禁止一些用户下载.exe 文件的功能，检索了一些网站，自己犯了一个小小的错误，记录下来：

google到一些网站：
http://www.linuxmine.com/2613.html

直接加入如下acl denymine urlpath_regex .exe .zip

acl test src 172.16.1.8/255.255.255.255
http_access deny test denymine
http_access allow test

然后找一些网站测试，通过!我想干脆把.com,.dll,.scr,.ani的文件加入：

当天就发现用户抱怨不能连外网，自己在测试才发现不能连接的都是.com结尾的网站。很明显规则写错，自己在认真看了手册发现，链接如下：
http://www.visolve.com/squid/squid24s1/access_controls.php

Acl Type: url_regex
Description
The url_regex means to search the entire URL for the regular expression you specify. Note that these regular expressions are case-sensitive. To make them case-insensitive, use the -i option.
Usage acl aclname url_regex pattern

Example
acl ACLREG url_regex cooking
ACLREG refers to the url containing "cooking" not "Cooking"

Acl Type: urlpath_regex
Description
The urlpath_regex regular expression pattern matching from URL but without protocol and hostname. Note that these regular expressions are case-sensitive
Usage acl aclname urlpath_regex pattern

Example
acl ACLPATHREG urlpath_regex cooking
ACLPATHREG refers only containing "cooking'' not "Cooking"; and without referring protocol and hostname.
If URL is http://www.visolve.com/folder/subdir/cooking/first.html then this acltype only looks after http://www.visolve.com/ .

实际上应该使用的是正则表达式，应该把以上的规则修改如下：

acl denymine url_regex -i ＼.exe$ ＼.scr$ ＼.com$ ＼.ani$ ＼.dll$

使用-i 关闭大小写。看来以后测试看书看文档要认真一些，避免不必要的错误。

注：我目前不知道禁止一些.dll文件对上网有什么影响。