Re: [squid-users] New Admin

From: tookers <gareth_at_garethcoffey.com>
Date: Wed, 7 Oct 2009 09:51:13 -0700 (PDT)

rkovelman wrote:
>
>
>> From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
>> Date: Tue, 06 Oct 2009 23:29:02 +0200
>> To: Ross Kovelman <rkovelman_at_gruskingroup.com>
>> Cc: <squid-users_at_squid-cache.org>
>> Subject: Re: [squid-users] New Admin
>>
>> On Tue 2009-10-06 at 16:55 -0400, Ross Kovelman wrote:
>>
>>> This is what I have for http_access:
>>>
>>> http_access deny bad_url
>>> http_access deny all bad_url
>>> http_access deny manager
>>> http_access allow manager localhost
>>> http_access allow workdays
>>> http_access allow our_networks
>>>
>>>
>>> I would think bad_url would do the trick since I have acl bad_url dstdomain,
>>> correct?
>>
>> It should. At least assuming you have no other http_access rules above
>> this.
>>
>> but the rest of those rules looks strange.
>>
>> I think you want something like:
>>
>> # Restrict cachemgr access
>> http_access allow manager localhost
>> http_access deny manager
>>
>> # Block access to banned URLs
>> http_access deny bad_url
>>
>> # Allow users access on workdays
>> http_access allow our_networks workdays
>>
>> # Deny everything else
>> http_access deny all
>>
>>
>> but have no description of what effect workdays is supposed to have...
>>
>>
>> Regards
>> Henrik
>>
>>
>
>
> I made a few changes and still nothing:
>
> acl bad_url dstdomain "/xxx/xxxx/etc/bad-sites.squid"
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl our_networks src 192.168.16.0/255.255.255.0
> acl to_localhost dst 127.0.0.0/8
> acl workdays time M T W H F 8:30-12:00 11:30-18:00
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> # Restrict cachemgr access
> http_access allow manager localhost
> http_access deny manager
>
> # Block access to banned URLs
> http_access deny bad_url workdays
>
> # Allow users access on workdays
> http_access allow our_networks workdays
>
> # Deny everything else
> http_access deny all
>
> I would think this would fulfill the request I just emailed to the group,
> but doesn't
>
>
>
> " Thanks, I made those changes although still no luck. I do save the changes
> and then run a ./squid -k reconfigure, not sure if I should run a different
> command.
>
> I do have this for work days:
> acl workdays time M T W H F 8:30-18:00
>
> If I can I would like to deny those sites during "workdays" and then it's
> open before or after that time.
>
> Thanks"
>
>
>

Hi There,

Maybe try this....

Change http_access deny bad_url workdays
To... http_access deny our_networks bad_url workdays

It should match any source IP address and if the other 2 acls match then you
should get 'Access Denied'

Thanks,
Tookers

Received on Wed Oct 07 2009 - 16:51:16 MDT
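
An added example (not part of the original thread, and not Squid's own code): a small Python model of how http_access lines are evaluated, run against the first rule list posted in the thread and the revised one. It assumes Squid's documented semantics (lines tried top to bottom, all ACLs on a line ANDed, first matching line decides); the requests are constructed, and `parse_rules` and `decide` are hypothetical helper names.

```python
# Added example: simplified model of Squid http_access evaluation.
# Rules are tried top to bottom; every ACL on a line must match (AND);
# the first line that matches decides the request.

ORIGINAL = """
http_access deny bad_url
http_access deny all bad_url
http_access deny manager
http_access allow manager localhost
http_access allow workdays
http_access allow our_networks
"""

REVISED = """
http_access allow manager localhost
http_access deny manager
http_access deny bad_url workdays
http_access allow our_networks workdays
http_access deny all
"""

def parse_rules(text):
    """Return [(action, [acl names])] for each http_access line."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return rules

def decide(rules, matched):
    """matched = ACL names true for this request; returns (action, line number)."""
    matched = set(matched) | {"all"}          # 'all' matches every source
    for number, (action, acls) in enumerate(rules, 1):
        if all(acl in matched for acl in acls):
            return action, number
    if not rules:
        return "deny", None                   # no http_access lines: deny
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

if __name__ == "__main__":
    # Constructed requests, described by the ACLs they would match.
    cases = {
        "cachemgr from localhost": {"manager", "localhost"},
        "LAN, banned site, work hours": {"our_networks", "bad_url", "workdays"},
        "LAN, banned site, after hours": {"our_networks", "bad_url"},
        "LAN, other site, after hours": {"our_networks"},
    }
    for name, conf in (("original", ORIGINAL), ("revised", REVISED)):
        for label, acls in cases.items():
            print(name, "|", label, "->", decide(parse_rules(conf), acls))
```

In the revised list an after-hours request from our_networks falls through to `deny all`, because the only allow line for our_networks also requires workdays.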
