[squid-users] ACL and http_access
Magic Link
magiclink at outlook.com
Fri Nov 13 07:31:40 UTC 2015
What I want, if it's possible, is:
Users can't access the Internet, except during two periods each day that I'll define. During these two periods, they can access only a few sites I define in the file (basic url, http or https, per line). I have to know if it's possible with Squid? Or Squidguard? Or not at all?
Thank you !
> From: Antony.Stone at squid.open.source.it
> To: squid-users at lists.squid-cache.org
> Date: Thu, 12 Nov 2015 17:04:06 +0100
> Subject: Re: [squid-users] ACL and http_access
>
> On Thursday 12 November 2015 at 15:55:10, Magic Link wrote:
>
> > Hi,
> > I want people not to have access to the Internet, except one hour twice a day
> > with only some URLs listed in a file. I use the ACL types "time" and
> > "url_regex" but it doesn't work.
>
> Please elaborate on "it doesn't work".
>
> Do you mean people cannot access the Internet when they are supposed to be
> able to?
>
> Do you mean they can access the Internet when they are not supposed to be able
> to?
>
> Do you mean they can access sites which they are not supposed to access?
>
> What, specifically, does and does not work?
>
> > I think I don't do well with the order of http_access too. Is it possible
> > with Squid only to do what I want? Here is my squid.conf:
>
> > acl network src 10.2.0.0/16
> > acl working_hours time MTWHF 09:30-10:30
> > acl out_working_hours MTWHF 17:30-18:30
> > acl whitelist url_regex "/etc/squid3/allow.acl"
>
> We need to see the contents (or at least, some examples) from that file.
>
> > acl SSL_ports port 443
> > acl Safe_ports port 80 # http
> > acl Safe_ports port 21 # ftp
> > acl Safe_ports port 443 # https
> > acl Safe_ports port 70 # gopher
> > acl Safe_ports port 210 # wais
> > acl Safe_ports port 1025-65535 # unregistered ports
> > acl Safe_ports port 280 # http-mgmt
> > acl Safe_ports port 488 # gss-http
> > acl Safe_ports port 591 # filemaker
> > acl Safe_ports port 777 # multiling http
> > acl CONNECT method CONNECT
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access allow localhost manager
> > http_access deny manager
>
> > http_access allow localhost
> > http_access deny out_working_hours
> > http_access allow working_hours whitelist
> > http_access allow network
> > http_access deny all
>
> So the above 5 directives will:
>
> 1. Allow access from the local machine (good).
>
> 2. Deny access from anywhere between M-F 17:30-18:30 - is that really what you
> meant? You said you want to allow access for one hour twice a day, yet here
> you are denying access during a one hour timeslot.
>
> 3. Allow access from anywhere M-F 09:30-10:30 to sites matching your regex
> list.
>
> 4. Allow access from any address 10.2.0.0/16 - this looks bad
>
> 5. Deny anything else.
>
> > http_port 3128
> > coredump_dir /var/spool/squid3
> > refresh_pattern ^ftp: 1440 20% 10080
> > refresh_pattern ^gopher: 1440 0% 1440
> > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> > refresh_pattern . 0 20% 4320
> > debug_options 28,4
>
> I would suggest (assuming your regex list is good) trying:
>
> http_access allow localhost
> http_access allow network working_hours whitelist
> http_access allow network out_working_hours whitelist
> http_access deny all
>
> The above should allow access from 10.2.0.0/16 to the sites in your regex list
> between the hours 09:30-10:30 and 17:30-18:30 M-F
>
> If that isn't what you wanted, please specify the requirement and we'll see if
> we can help further.
>
>
>
> Antony.
>
> --
> +++ Divide By Cucumber Error. Please Reinstall Universe And Reboot +++
>
> Please reply to the list;
> please *don't* CC me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
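The rule ordering discussed in this thread, modelled as an added example (not code from the thread and not Squid's own code): http_access lines are checked top to bottom, a line matches only when every ACL on it matches, and the first matching line decides. Assumptions: the whitelist pattern, client addresses and URLs are constructed, since the thread never shows allow.acl, and out_working_hours is treated as a time ACL, the way the reply reads it.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample pattern; the real allow.acl is not shown in the thread.
WHITELIST = [re.compile(r"^http://intranet\.example\.com/")]
NETWORK = ipaddress.ip_network("10.2.0.0/16")

def in_window(start, end):
    """Time ACL for MTWHF (Monday..Friday) between start and end, HH:MM."""
    return lambda req: (req["when"].weekday() < 5
                        and start <= req["when"].strftime("%H:%M") <= end)

ACLS = {
    "localhost": lambda req: req["src"] == "127.0.0.1",
    "network": lambda req: ipaddress.ip_address(req["src"]) in NETWORK,
    "working_hours": in_window("09:30", "10:30"),
    # Assumption: evaluated as a time ACL, as the reply interprets it.
    "out_working_hours": in_window("17:30", "18:30"),
    "whitelist": lambda req: any(p.search(req["url"]) for p in WHITELIST),
    "all": lambda req: True,
}

# The five http_access lines as posted, then the four suggested in the reply.
POSTED = """allow localhost
deny out_working_hours
allow working_hours whitelist
allow network
deny all"""

SUGGESTED = """allow localhost
allow network working_hours whitelist
allow network out_working_hours whitelist
deny all"""

def decide(rules, src, when, url):
    """Return (action, matching line) for one request under a rule list."""
    req = {"src": src, "url": url,
           "when": datetime.strptime(when, "%Y-%m-%d %H:%M")}
    for line in rules.splitlines():
        action, *names = line.split()
        if all(ACLS[name](req) for name in names):  # ACLs on a line are ANDed
            return action, line
    return "deny", "(no rule matched)"  # not reached: both lists end in deny all

if __name__ == "__main__":
    for rules in (POSTED, SUGGESTED):
        print(decide(rules, "10.2.3.4", "2015-11-12 14:00", "http://other.example.net/"))
```

Run against the posted rules, a client in 10.2.0.0/16 is allowed to any site outside the evening window because "allow network" matches before "deny all"; the suggested rules only allow when source, time window and whitelist all match.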