[squid-users] https access only for few users

Amos Jeffries squid3 at treenet.co.nz
Thu Nov 9 10:31:47 UTC 2017


On 09/11/17 23:03, Simon Dcunha wrote:
> 
> Dear All,
> 
> I have squid running with no issues for a long time and recently I have the task below.
> User access to the internet is based on a physical machine IP address acl, so only user IPs listed in the conf file have access to the internet.
> 
> I need to allow access to only one site for some users and deny everything else. It's an https site.
> The site is https://mof-sc-site.custhelp.com/
> 
> The users whose IPs are listed in the acl below should access the above site only and nothing else.
> 
> So I have an access list as follows:
> 
> ----------------------------------------------------
> acl onesite src 172.16.52.23 172.16.6.121
> acl allowed_site url_regex "/etc/squid/site"
> http_access allow onesite allowed_site
> http_access deny onesite
> ------------------------------------------------------
> 
> in /etc/squid/site i have
> ------------------
> .mof*
> 
> Now when I try to access the above site it says page cannot be displayed, and in the squid access.log I see the below:
> --------------
> 1510224319.009      0 172.16.6.121 TCP_DENIED/403 4201 CONNECT mof-sc-site.custhelp.com:443 - HIER_NONE/- text/html
> 
> 
> But if I try to access http://www.mof.gov.kw the home page is displayed and works fine.
> 
> I appreciate your advice and help.
> 

You are a) using the wrong tool [regex] for the job of matching a single 
*domain*, and b) using regex VERY VERY badly.

Your regex says any URL in existence that contains _any_ single 
character followed by 'm' then 'o' is a match for the ACL - thus is 
allowed to the "onesite" client(s). The 'f' being optional (the *) and 
at the end of the pattern means it does not matter at all for the 
matching and may as well not exist.
What you should be doing is using an ACL type that matches domain names 
and telling it the domain that you want to match:

   acl allowed_site dstdomain mof-sc-site.custhelp.com

The rest of your config snippet was correct for what you want to do.

Amos
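The following is an added example, not code from the thread or from the Squid project. It simulates in Python the two ACL types discussed above, as Squid documents them: url_regex does an unanchored regex search over the whole request URL (for a CONNECT request that URL is just host:port, as the access.log line shows), while dstdomain compares the request host against a list of domain names, where an entry with a leading dot also matches subdomains. The sample request targets are constructed from the URLs in the thread plus one unrelated host; the function names and the allow/deny helper are this example's own.

```python
import re
from urllib.parse import urlsplit

# Constructed sample requests: (method, URL as Squid sees it). The CONNECT
# target is host:port, matching the TCP_DENIED line quoted in the thread.
REQUESTS = [
    ("CONNECT", "mof-sc-site.custhelp.com:443"),
    ("GET", "http://www.mof.gov.kw/"),
    ("GET", "http://example.net/demo"),  # unrelated host, constructed for contrast
]

# The single pattern from the poster's /etc/squid/site file.
URL_REGEX_PATTERN = r".mof*"

# The dstdomain entry Amos recommends instead.
DSTDOMAIN_LIST = ["mof-sc-site.custhelp.com"]


def url_regex_matches(pattern, url):
    """Approximate Squid url_regex: unanchored regex search over the request URL."""
    return re.search(pattern, url) is not None


def request_host(method, target):
    """Extract the destination host the way dstdomain would see it."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()


def dstdomain_matches(acl_domains, host):
    """Approximate Squid dstdomain: exact match, or, for a leading-dot entry,
    the domain itself and any subdomain of it."""
    host = host.rstrip(".")
    for entry in acl_domains:
        entry = entry.lower()
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


def decide(method, target, acl_type):
    """Return 'allow' or 'deny' for a client in the 'onesite' src ACL, given
    http_access allow onesite allowed_site / http_access deny onesite."""
    if acl_type == "url_regex":
        matched = url_regex_matches(URL_REGEX_PATTERN, target)
    elif acl_type == "dstdomain":
        matched = dstdomain_matches(DSTDOMAIN_LIST, request_host(method, target))
    else:
        raise ValueError("unknown acl type: %s" % acl_type)
    return "allow" if matched else "deny"


if __name__ == "__main__":
    for method, target in REQUESTS:
        print("%-7s %-32s url_regex=%-5s dstdomain=%s" % (
            method, target,
            decide(method, target, "url_regex"),
            decide(method, target, "dstdomain")))
```

Running it shows both halves of the problem: the regex denies the intended CONNECT target (the string "mof-sc-site.custhelp.com:443" has no character before its "mo", so ".mo" never matches) while allowing an unrelated host because "/demo" contains "emo"; the dstdomain version allows exactly the one host and nothing else.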

