Re: [squid-users] New Admin

From: Ross Kovelman <rkovelman_at_gruskingroup.com>
Date: Tue, 06 Oct 2009 17:47:31 -0400

> From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
> Date: Tue, 06 Oct 2009 23:29:02 +0200
> To: Ross Kovelman <rkovelman_at_gruskingroup.com>
> Cc: <squid-users_at_squid-cache.org>
> Subject: Re: [squid-users] New Admin
>
> tis 2009-10-06 klockan 16:55 -0400 skrev Ross Kovelman:
>
>> This is what I have for http_access:
>>
>> http_access deny bad_url
>> http_access deny all bad_url
>> http_access deny manager
>> http_access allow manager localhost
>> http_access allow workdays
>> http_access allow our_networks
>>
>>
>> I would think bad_url would do the trick since I have acl bad_url dstdomain,
>> correct?
>
> It should. At least assuming you have not other http_access rules above
> this.
>
> but the rest of those rules looks strange.
>
> I think you want something like:
>
> # Restrict cachemgr access
> http_access allow manager localhost
> http_access deny manager
>
> # Block access to banned URLs
> http_access deny bad_url
>
> # Allow users access on workdays
> http_access allow our_networks workdays
>
> # Deny everything else
> http_access deny all
>
>
> but have no description of what effect workdays is supposed to have...
>
>
> Regards
> Henrik
>
>

I made a few changes and still nothing:

acl bad_url dstdomain "/xxx/xxxx/etc/bad-sites.squid"
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl our_networks src 192.168.16.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl workdays time M T W H F 8:30-12:00 11:30-18:00
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Restrict cachemgr access
http_access allow manager localhost
http_access deny manager

# Block access to banned URLs
http_access deny bad_url workdays

# Allow users access on workdays
http_access allow our_networks workdays

# Deny everything else
http_access deny all

I would think this would fulfill the request I just emailed to the group,
but doesn't

" Thanks, I made those changes although still no luck. I do save the
changes
and then run a ./squid -k reconfigure, not sure if I should run a different
command.

I do have this for work days:
acl workdays time M T W H F 8:30-18:00

If I can I would like to deny those sites during "workdays" and then its
open before or after that time.

Thanks"

Received on Tue Oct 06 2009 - 21:47:42 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 07 2009 - 12:00:02 MDT