
RE: deny authenticated users to dstdomain


> -----Original Message-----
> From: Covington, Chris [mailto:Chris.Covington@xxxxxxxxxxx]
> Sent: Thursday, September 01, 2005 8:45 AM
> To: rob@xxxxxxxxxxx; squid-users@xxxxxxxxxxxxxxx
> Subject: Re:  deny authenticated users to dstdomain
> 
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Covington, Chris wrote:
> > > Hi all,
> > > 
> > > I'd like to deny some domains after people have authenticated.  I tried this:
> > > 
> > > acl NoAccess dstdomain .aim.com
> > > acl NoAccess proxy_auth REQUIRED
> > > acl AuthorizedUsers proxy_auth REQUIRED
> > > http_access deny NoAccess
> > > http_access allow AuthorizedUsers
> > > 
> > > But apparently this isn't allowed:
> > > 
> > > 2005/09/01 10:52:12| aclParseAclLine: ACL 'NoAccess' already exists with different type.
> > > FATAL: Bungled squid2.conf line 1874: acl NoAccess proxy_auth REQUIRED
> > > Squid Cache (Version 2.5.STABLE10): Terminated abnormally.
> > > 
> > > What's the best way to do this?
> > 
> > Remove line 1874. It's conflicting with the `deny NoAccess' line.
> 
> That line is:
> 
> acl NoAccess dstdomain .aim.com
> 
> If I do that, how will I define which sites are not allowed access?
> 
> ---
> Chris Covington
> IT
> Plus One Health Management
> 75 Maiden Lane Suite 801
> NY, NY 10038
> 646-312-6269
> http://www.plusoneactive.com
> 

The problem is you have used one ACL name (NoAccess) with two different ACL types (dstdomain and proxy_auth).  Give the two ACLs different names, and make either a combined http_access rule using those ACLs or sequential http_access rules to serve your goal.

For example...

acl NoAccess dstdomain .aim.com
acl authentication proxy_auth REQUIRED
acl myNet src 192.168.0.0/24

http_access deny !authentication
http_access deny NoAccess
http_access allow myNet
http_access deny all

...would allow access to those people who 1) have authenticated 2) are not trying to surf to *.aim.com and 3) are originating from 192.168.0.0/24.  The Squid FAQ (http://www.squid-cache.org/Doc/FAQ/FAQ-10.html) has more details.

Chris
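
As an added example (not part of the original message and not Squid's own code), here is a simplified Python model of the two points in the reply above: an ACL name can have only one type, and http_access lines are checked in order with the first match deciding. The function names, the explicit `all` ACL line and the sample requests are assumptions, and proxy_auth is modelled as a plain authenticated/unauthenticated flag.

```python
import ipaddress

# Constructed input: the two configurations from the thread. The `all` ACL is
# defined explicitly here (an assumption; the thread does not show that line).
BROKEN = "acl NoAccess dstdomain .aim.com\nacl NoAccess proxy_auth REQUIRED\n"
FIXED = """acl all src 0.0.0.0/0
acl NoAccess dstdomain .aim.com
acl authentication proxy_auth REQUIRED
acl myNet src 192.168.0.0/24
http_access deny !authentication
http_access deny NoAccess
http_access allow myNet
http_access deny all
"""

def parse(conf):
    """Return (acls, rules, conflicts) parsed from squid.conf-style text."""
    acls, rules, conflicts = {}, [], []
    for lineno, line in enumerate(conf.splitlines(), 1):
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            name, typ, values = tok[1], tok[2], tok[3:]
            if name in acls and acls[name][0] != typ:  # same name, different type
                conflicts.append((lineno, name, acls[name][0], typ))
                continue
            acls.setdefault(name, (typ, []))[1].extend(values)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules, conflicts

def acl_matches(typ, values, req):
    if typ == "dstdomain":  # ".aim.com" matches aim.com and every subdomain
        host = req["host"].lower()
        return any(host == v.lstrip(".") or (v[0] == "." and host.endswith(v)) for v in values)
    if typ == "proxy_auth":  # REQUIRED: any authenticated user
        return req["user"] is not None
    if typ == "src":
        return any(ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v) for v in values)
    raise ValueError("ACL type not modelled: " + typ)

def decide(conf, req):
    """ACLs on one http_access line are ANDed; the first matching line wins."""
    acls, rules, conflicts = parse(conf)
    if conflicts:
        raise ValueError(conflicts)
    for action, names in rules:
        if all(acl_matches(*acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action
    return "allow" if rules and rules[-1][0] == "deny" else "deny"  # opposite of last rule
```

Running `parse(BROKEN)` reports the duplicate `NoAccess` definition on line 2 of the sample, and `decide(FIXED, request)` shows which http_access line settles a given request.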

