
Advanced Rules

The application is also able to apply advanced rules (access control list rules) in a policy. To configure these rules, select Admin UI / Policy / Filtering Rules / Advanced as shown on the following screenshot.

Advanced Rules in a Policy

Currently the following access control list (ACL) types are supported. The implementation has some similarities with Squid ACLs although not all access control list names and not all access rules are supported for now.

ACL Type Description
http_status The decimal code of the HTTP response. The response code is taken from the HTTP response status, like 200 OK.
dstdomain Domain name of the origin site being connected to. This domain name is taken from the Host header of the HTTP request.
rep_mime_type MIME type of the HTTP response. This value is taken from the Content-Type header in the HTTP response.
req_mime_type MIME type of the HTTP request. This value is taken from the Content-Type header in the HTTP request. Usually only POST and PUT requests have this header set.

Any line starting with # is considered a comment and ignored. Please use these comments to make the advanced configuration more understandable.

The following sections present some examples of using advanced filtering rules.

HTTP Status Code

The following example blocks HTTP responses with HTTP status code less than 100 and allows others through.

# define allowed and denied status codes
acl allowed_status_codes http_status 200 301 400-403 500
acl denied_status_codes http_status -100

# allow and deny as required
http_access allow allowed_status_codes
http_access deny denied_status_codes

Domain Name

The following example allows HTTP requests to the search sites and blocks everything else.

# define domains
acl search_engines dstdomain .duckduckgo.com .yahoo.com .google.com .bing.com

# allow and deny as required
http_access allow search_engines
http_access deny all

Request and Response Content Types

The following example blocks video files from Facebook. Video files on other video hosting platforms, like YouTube, are implicitly allowed.

# define facebook cdn
acl facebook_cdn dstdomain .fbcdn.net

# define response content type of a video file
acl video_mp4 rep_mime_type video/mp4

# and deny it
http_reply_access deny video_mp4 facebook_cdn

Block All Requests

The following example simply blocks all requests.

# deny every request
http_access deny all

Here, all is the built-in access control list name that matches any request or response.
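A pre-deployment check for advanced rule text, added here as an example; it is not part of the product. It flags ACL types outside the four listed above, malformed http_status values, ACL names that are referenced but never defined or defined but never used, and an allow/deny action that contradicts the ACL's name. Assumptions: the rule grammar is inferred from the examples on this page, the name-based check is a heuristic, and lint_rules, SAMPLE and CONFLICT are hypothetical names.

```python
import re

# ACL types and access directives that appear on this page.
SUPPORTED_TYPES = {"http_status", "dstdomain", "rep_mime_type", "req_mime_type"}
DIRECTIVES = {"http_access", "http_reply_access"}
STATUS_RE = re.compile(r"^(\d{3}|\d{3}-\d{3}|-\d{3})$")  # 200, 400-403, -100
# Naming heuristic (assumption): an ACL named allowed_* should not be denied, etc.
CONFLICT = {"allow": ("denied", "deny", "blocked"), "deny": ("allowed", "allow")}

# Constructed sample: a typo in an ACL type, a bad status value,
# an undefined ACL, an unused ACL and an allow/deny mix-up.
SAMPLE = """\
# status code policy
acl allowed_status_codes http_status 200 301 400-403 5xx
acl denied_status_codes http_status -100
acl video_mp4 rep_mime_typ video/mp4
http_access allow denied_status_codes
http_reply_access deny video_mp4 facebook_cdn
"""


def lint_rules(text):
    """Return sorted (line_number, message) findings for advanced rule text."""
    findings, defined, uses = [], {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):  # blank lines and comments are ignored
            continue
        if tok[0] == "acl" and len(tok) >= 4:
            name, acl_type, values = tok[1], tok[2], tok[3:]
            defined.setdefault(name, no)
            if acl_type not in SUPPORTED_TYPES:
                findings.append((no, f"unsupported ACL type '{acl_type}'"))
            elif acl_type == "http_status":
                bad = [v for v in values if not STATUS_RE.match(v)]
                findings += [(no, f"bad status value '{v}'") for v in bad]
        elif tok[0] in DIRECTIVES and len(tok) >= 3 and tok[1] in CONFLICT:
            uses += [(no, tok[1], name) for name in tok[2:]]
        else:
            findings.append((no, f"cannot parse rule: {raw.strip()}"))
    for no, action, name in uses:
        if name != "all" and name not in defined:  # 'all' is the built-in ACL
            findings.append((no, f"ACL '{name}' is not defined"))
        if name.startswith(CONFLICT[action]):
            findings.append((no, f"'{action}' applied to ACL '{name}'"))
    used = {name for _, _, name in uses}
    findings += [(no, f"ACL '{n}' is never used") for n, no in defined.items() if n not in used]
    return sorted(findings)
```

Calling lint_rules(SAMPLE) returns five findings; the domain name example from this page returns none.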