> -----Original Message----- > From: Mario Maradiaga [mailto:mario.maradiaga@xxxxxxxxxxxxx] > Sent: Wednesday, February 09, 2005 2:12 PM > To: squid-users@xxxxxxxxxxxxxxx > Subject: [squid-users] Allow msn messenger but no porn > > > Hi everyone, > > This is my first e-mail to the list and I hope you can help. I`m > running the lates squid stable on a Red Hat 7.3, the problem I have is > the following: > > Everyone of the computers in the office except for the IT one´s access > the Internet with ncsa authentication. The following acl takes care of > all the ip´s inside the office, acl office src "/etc/squid/etc/work", I > have a respective acl to ban porn, acl porn url_regex > "/etc/squid/etc/nosex", and a respective acl to block msn, acl msn > req_mime_type -i ^application/x-msn-messenger$. > acl salesmanagerIP src 1.2.3.4/255.255.255.255 # Change the IP address as appropriate > The http_access looks kinda like this: > http_access deny paginas > ....some other acl's http_access allow salesmanagerIP msn # Allow the sales manager's IP to use msn through squid > http_access deny msn > ....some other acl's > http_access allow office password > > Like I said the IT pc´s are not included on the squid configuration file > because they're doing NAT directly through the firewall. > I am now required to allow acces to the msn messenger only on one PC, > the sales manager PC, but I don´t know how to give msn access to it > without allowing it to view porn. Here´s what I tried: I added the ip to > the NAT table on my firewall and removed it from the office ip list > requiring password but left the Internet Explorer on the pc still > configured to access internet via squid, this way I think he will be > able to access msn but still be affected by the acl´s on squid thus > blocking the porn sites. But it didn`t work. > Any ideas are welcome or point out anything I left out. > > Thanx, > > Mario Maradiaga See the Access Control section of the Squid FAQ for more details (http://www.squid-cache.org/Doc/FAQ/FAQ-10.html) Chris
