Re: Restricting certain users to certain urls

[Yong Bong Fong <bfyong@xxxxxxxxxxxxxxx>]

 Dear friends,

   I have successfully created the acls to restrict users to certain 
urls. But there seems to be a problem whenever the urls contain a "/" 
symbol in it. All the sites that has a "/" in it are denied eventhough I 
had listed it as allowed sites. Some of the examples are as follows:

_https://metoc.npmoc.navy.mil/jtwc.html
http://www.wline.co.jp/
http://www.coi.gov.cn/
_

_
_

Other sites such as google.com, yahoo.com works well. Before when I 
tried with squidguard, the same problem occured, anyone knows what is 
the problem and if can be resolved? Also is it possible to redirect all 
the blocked sites to a certain url?

Really thankful for helping, thanks a lot.

Yong

_
_

_
_





> -----Original Message-----
> > From: Yong Bong Fong [mailto:bfyong@xxxxxxxxxxxxxxx]
> > Sent: Tuesday, September 13, 2005 5:02 PM
> > To: squid-users@xxxxxxxxxxxxxxx
> > Subject: Re:  Restricting certain users to certain urls
> >
> >
> > Hi Christoph,
> >
> >     I got problem again. Squidguard acl was problematic it 
> > didn't work 
> > quite well. Now I am trying on Squid acl to restrict certain users to 
> > certain urls. I also have ldap authentication for my squid. Following 
> > are my acls:
> >
> > acl abc ident andy
> > acl blocksites dstdomain .google.com
> >
> > http_access deny abc blocksites
> > http_access allow ldap_group-www
>  
>
>
> Change these lines to...
>
> acl abc proxy_auth andy
> acl allowsites dstdomain .google.com
>
> http_access allow abc allowsites  # Allow andy to surf google
> http_access deny abc              # Prevent andy from surfing elsewhere
> http_access allow ldap_group-www  # Allow ldap_group-www to surf
>
>  
>
> > > What I am trying to achieve is to only allow Andy (who is 
> > > grouped in abc 
> > > above) to access google.com only. Other sites are blocked for him. I 
> > > tried it but it didn't work quite well, it does block 
> > > google.com but not 
> > > just for andy, it blocks all other users too.
> > > Apparently the problem must be something to do with the "acl 
> > > abc ident 
> > > andy". When I retsarted squid the first time after changing the 
> > > configuration, its fine. But second time the following 
> > > message came out:
> > >
> > > # service squid restart
> > > Stopping squid: 2005/09/14 08:48:49| squid.conf line 1791: 
> > > acl abc ident 
> > > bfyong
> > > 2005/09/14 08:48:49| aclParseAclLine: Invalid ACL type 'ident'
> > > 2005/09/14 08:48:49| squid.conf line 1821: http_access allow 
> > > abc blocksites
> > > 2005/09/14 08:48:49| aclParseAccessLine: ACL name 'abc' not found.
> > >
> > > Any idea what is wrong? seems like it is not checking the username 
> > > thingi to do the acl.....
> > > please help me to identify my problem..thanks a lot for 
> > > taking time helping.
> > > thanks a lot...
> >    
>
> You are not using ident to gather usernames (instead it looks like you are using a basic authenticator) so you need to use proxy_auth acls.
>
> Chris
>
>