RE: [squid-users] Allow msn messenger but no porn from Chris Robertson on 2005-02-09 (squid-users)

From: Chris Robertson <crobertson@dont-contact.us>
Date: Wed, 9 Feb 2005 14:44:08 -0900

> -----Original Message-----
> From: Mario Maradiaga [mailto:mario.maradiaga@edusystems.hn]
> Sent: Wednesday, February 09, 2005 2:12 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Allow msn messenger but no porn
>
>
> Hi everyone,
>
> This is my first e-mail to the list and I hope you can help. I`m
> running the lates squid stable on a Red Hat 7.3, the problem I have is
> the following:
>
> Everyone of the computers in the office except for the IT one´s access
> the Internet with ncsa authentication. The following acl takes care of
> all the ip´s inside the office, acl office src "/etc/squid/etc/work", I
> have a respective acl to ban porn, acl porn url_regex
> "/etc/squid/etc/nosex", and a respective acl to block msn, acl msn
> req_mime_type -i ^application/x-msn-messenger$.
>

acl salesmanagerIP src 1.2.3.4/255.255.255.255 # Change the IP address as
appropriate

> The http_access looks kinda like this:
> http_access deny paginas
> ....some other acl's

http_access allow salesmanagerIP msn # Allow the sales manager's IP to use
msn through squid

> http_access deny msn
> ....some other acl's
> http_access allow office password
>
> Like I said the IT pc´s are not included on the squid configuration file
> because they're doing NAT directly through the firewall.
> I am now required to allow acces to the msn messenger only on one PC,
> the sales manager PC, but I don´t know how to give msn access to it
> without allowing it to view porn. Here´s what I tried: I added the ip to
> the NAT table on my firewall and removed it from the office ip list
> requiring password but left the Internet Explorer on the pc still
> configured to access internet via squid, this way I think he will be
> able to access msn but still be affected by the acl´s on squid thus
> blocking the porn sites. But it didn`t work.
> Any ideas are welcome or point out anything I left out.
>
> Thanx,
>
> Mario Maradiaga

See the Access Control section of the Squid FAQ for more details
(http://www.squid-cache.org/Doc/FAQ/FAQ-10.html)

Chris
Received on Wed Feb 09 2005 - 16:44:12 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST