Re: How to limit a user to access a few sites.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Hi,




I think you probably need to combine a few rules together.
Consider the following

acl ncsa_users proxy_auth REQUIRED
acl ip_users external ip_user %SRC %LOGIN %DST



acl ALLOWED_DOMAINS url_regex -i google.com bbc.com cnn.com

http_access deny !ncsa_users
http_access deny !ip_users
http_access allow ip_users ALLOWED_DOMAINS
http_access allow ncsa_users ALLOWED_DOMAINS
http_access deny all


These rules say that ALL the ips have access to google.com bbc.com cnn.com.

That is not What I want.

This is my senario.

There are about 50 users browsing internet. 3 users out of those 50
misuse internet.
So I only want to limit these 3 users.
Let's say their ips are 192.168.101.25, 192.168.101.26, 192.168.101.30

Now I want to limit these 3 users' internet acsess to google.com
bbc.com cnn.com.
AND, the rest of users should have access to whole wolrd.

I wrote below rules. Pls check !!

external_acl_type ip_user %SRC %LOGIN /usr/lib/squid/ip_user_check -f
/etc/squid/ip.conf

acl ncsa_users proxy_auth REQUIRED
acl ip_users external ip_user %SRC %LOGIN

acl clientips src 192.168.101.25 92.168.101.26 192.168.101.30
acl allowedsites url_regex -i "/etc/squid/allowedsites.txt"

http_access deny !ncsa_users
http_access deny !ip_users
http_access allow ip_users clientips
http_access allow ip_users allowedsites
http_access allow ncsa_users clientips
http_access allow ncsa_users allowedsites
http_access deny clientips

my etc/squid/allowedsites.txt is like this.
[root@worldnet ~]# cat /etc/squid/allowedsites.txt
google.com
bbc.com
cnn.com


But, It still does not work.

Pls help me to solve this issue.




Basically, a new ACL was added and the corresponding http_access test,
it will only

(a) be allowed IF it fulfilled the test of being an ip_users and going
to a domain as defined in the ALLOWED_DOMAINS acl

~ or ~

(b) be allowed IF it fulfilled the test of being an ncsa_users and going
to a domain as defined in the ALLOWED_DOMAINS acl

Hope this helps.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




--
Thank you
Indunil Jayasooriya
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux