# excludelist
#
# INSTALLATION
# Install as /srv/www/htdocs/squint/excludelist to have these
# exclusions applied when the report is run from cron
# 
# SYNTAX
# This file specifies patterns for log entries which are omitted
# from the report.  Each pattern is a (perl) regular expression
# which must match the specified field of the squid log.
# 
# Each line must be formatted as follows:
# 	field        ^perl\sregular.expression$
# The 'field' should be a number or a specific string
# corresponding to that number, with the following fields
# being allowed ...
#
# 0  date		unix time of end of download
# 1  duration		duration of download
# 2  ip			ip address of client
# 3  status		outcome of the event (TCP_MISS/404)
# 4  bytes		bytes transferred
# 5  operation		type of http request - GET CONNECT PROPFIND
# 6  url		where did it go to
# 7  user		identification given
# 8  method		How squid got the answer / where from
# 9  content-type	text/html, image/gif, application/ms-virus, etc.

# STANDARD RULES --------------------------------------------

# These are the standard rules.  As soon as you use this file, 
# the standard rules are cleared, which is the reason they are
# included below:
#
# Exclude TCP_DENIED requests.  The usual reason for items being
# denied is that they are unauthenticated.  In particular, the
# first request will always be denied with Proxy Authentication
# Required. The browser will then send another (authenticated)
# request.  The other reason for requests to be denied is that
# they are made by viruses, trojans and webbugs, so you might
# prefer to drop this rule and see how these decorate your reports.
#
# e.g.  1068468010.725    115 192.168.1.2 TCP_DENIED/403 1421 GET
# http://www.celine.com/images/celspr5.jpg - NONE/- text/html
#
status       ^TCP_DENIED/

# NONE means that the request was bogus on some level or another.
# Windows computers send these all the time.
#
# 1068455172.200      8 10.0.0.251 NONE/400 1489 OPTIONS
# http://andre_veleda/ - NONE/- text/html
status       ^NONE/

# CUSTOM RULES --------------------------------------------
# That's it for the built-in rules.  Here are some ideas for
# exclude rules that you can make all by yourself:

# Exclude a few sites which clutter the logs and give us the
# wrong idea about who's being evil
#
url	^http://download\.ledge\.co\.za/
url	^https?://www\.gmail\.com/
url	^https://messenger\.hotmail\.com/

# Exclude the boss and his assistant from the report, since they
# don't like being reported on.
user	^(ty_coon|gillbates)$
# We don't want reports on these ip addresses ...
ip	^172\.31\.

# Exclude this, just because we can ...
content-type	^macroswift/virus$
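
# ADDED EXAMPLE --------------------------------------------
# The sketch below is an added illustration, not squint's own code. It
# applies rules in the format described under SYNTAX to constructed log
# lines and shows why an alternation in a 'user' rule needs grouping:
# without it, unrelated accounts silently drop out of the report.
# Assumptions: log fields are split on whitespace and a rule matches the
# way perl's =~ does (unanchored search); the function names are hypothetical.

```python
import re

# Field names and positions as listed in the SYNTAX comment of this file.
FIELDS = ["date", "duration", "ip", "status", "bytes",
          "operation", "url", "user", "method", "content-type"]

def parse_rules(text):
    """Return [(field_index, compiled_regex)] from excludelist text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        field, pattern = line.split(None, 1)
        index = int(field) if field.isdigit() else FIELDS.index(field)
        rules.append((index, re.compile(pattern)))
    return rules

def excluded(log_line, rules):
    """True if any rule's regex matches its field of one squid log line."""
    cols = log_line.split()
    return any(i < len(cols) and rx.search(cols[i]) for i, rx in rules)

def report(log_lines, rules):
    """Log lines that survive the exclusions, i.e. what gets reported on."""
    return [line for line in log_lines if not excluded(line, rules)]

# Constructed sample log lines (not from a real proxy).
SAMPLE_LOG = [
    "1068468010.725 115 192.168.1.2 TCP_DENIED/403 1421 GET http://www.example.com/a.jpg - NONE/- text/html",
    "1068468011.100 90 192.168.1.3 TCP_MISS/200 5120 GET http://www.example.com/ gillbates DIRECT/192.0.2.10 text/html",
    "1068468012.300 75 192.168.1.4 TCP_MISS/200 2048 GET http://www.example.org/ ty_coon2 DIRECT/192.0.2.11 text/html",
    "1068468013.900 60 172.31.4.9 TCP_MISS/200 900 GET http://www.example.net/ jdoe DIRECT/192.0.2.12 text/html",
]

COMMON = "status ^TCP_DENIED/\nip ^172\\.31\\.\n"
# Grouped: excludes exactly the two named accounts.
GROUPED = parse_rules(COMMON + "user ^(ty_coon|gillbates)$\n")
# Ungrouped: '^ty_coon' OR 'gillbates$', so 'ty_coon2' is excluded too.
UNGROUPED = parse_rules(COMMON + "user ^ty_coon|gillbates$\n")

if __name__ == "__main__":
    print("grouped keeps:  ", [l.split()[7] for l in report(SAMPLE_LOG, GROUPED)])
    print("ungrouped keeps:", [l.split()[7] for l in report(SAMPLE_LOG, UNGROUPED)])
```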
