acl playsites dstdomain .tomshardware.com ubuntulinux.org
acl worktime time MTWHF 9:00-18:00
acl freetime time D 18:00-20:00
http_access allow newssites worktime
http_access allow newssites freetime
http_access allow playsites freetimeNOTE
You can replace MTWHF with D as it is equivalent to MTWHF and means
“all the days of the working week.”Notice that there are two http_access lines for the newssites
category: one for worktime and one for freetime. This is because all the
conditions must be matched for a line to be matched. Alternatively, you can
write this:
Click here to view code image
http_access allow newssites worktime freetime
However, if you do this and someone visits http://news.bbc.co.uk at 2:30 p.m.
(14:30) on a Tuesday, Squid works like this:
Is the site in the newssites category? Yes, continue.
Is the time within the worktime category? Yes, continue. Is the time within the freetime category? No; do not match rule and
continue searching for rules.It is because of this that two lines are needed for the worktime category.
One particularly powerful way to filter requests is with the url_regex ACL
line. This enables you to specify a regular expression that is checked against
each request: If the expression matches the request, the condition matches.
For example, if you want to stop people from downloading Windows
executable files, you use this line:
Click here to view code image
acl noexes url_regex -i exe$
The dollar sign ($) means “end of URL,” which means it would match
[http://www.somesite.com/virus.exe but not www.executable.com/innocent.html.](http://www.somesite.com/virus.exe but not www.executable.com/innocent.html.)
The -i part means “not case sensitive,” so the rule matches .exe, .Exe, .EXE,
and so on. You can use the caret symbol (^) for “start of URL.”
For example, you could stop some pornography sites by using this ACL:
Click here to view code image