RE: allowing users to access particular domains

From: Ilker Gokhan <IlkerG@dont-contact.us>
Date: Thu, 22 Jun 2000 11:31:29 +0300

Ohh.. It should work. it has been worked at my attempts with client IP
instead of ident user. Also:
 
use the following name with dot.
fedex.com this mean that only hostname--> .fedex.com this mean that domain
name.
yahoo.com --> .yahoo.com
 
Best regards.
Ilker G.

-----Original Message-----
From: Joel Taqueban [mailto:jtaqueba@apme-ops.dhl.com]
Sent: Thursday, June 22, 2000 3:27 AM
To: Ilker Gokhan; squid-users@ircache.net
Subject: Re: allowing users to access particular domains

Thanks Ilker,

I tried that but still users 1-4 could access the whole net. Anything else
I need to look into?

Joel

R.Ilker Gokhan wrote:

  

>-----Original Message-----
>From: Joel Taqueban [ mailto:jtaqueba@apme-ops.dhl.com
<mailto:jtaqueba@apme-ops.dhl.com> ]
>Sent: Thursday, June 01, 2000 1:48 PM
>To: squid-users@ircache.net
>Subject: allowing users to access particular domains

                         gets to access:
> user1, user2 only www.fedex.com
                              www.ups.com
> user3, user4 only the above sites
                          pus: cnn.com
                               yahoo.com
> user5, user6 all sites

>where the above users are valid users from my ldap server.
>I tried defining this on my squid.conf file.
>acl allowedsites1 dstdomain fedex.com ups.com
>acl allowedsites2 dstdomain fedex.com ups.com yahoo.com cnn.com
>acl customer_service ident user1 user2
>acl supervisors ident user3 user4
>acl management ident user5 user6
>http_access allow allowedsites1 customer_service
>http_access allow allowedsites2 supervisors
>http_access allow management

Try:
remove this line : http_access allow management
http_access deny all !management

remove : >http_access deny all

>However, user1 to user4 still could access sites that should have been
restricted for them.
>What seems to be wrong with my ACL above? Do I have the right http_access
definition for user5 >and user6 who are in 'management' ACL?

>Joel

Ilker G.
P.S please don't send mail with HTML format.
Received on Thu Jun 22 2000 - 02:33:16 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:07 MST