So noone can figure this out? Seems like a pretty basic need. Please help. -d On 1/5/06, Dustin <deviousz@xxxxxxxxx> wrote: > > You don't explain which group is supposed to do what. So I'll guess. > > > > 'Full_InetAllow' has full inet access, 'de_InetAllow' should be > limited to a few sites. > > > This ACL is invalid (I wonder why Squid didn't complain). Either it's > > > > acl localnet proxy_auth REQUIRED > > > > or > > > > acl localnet src 10.100.3.0/24 > > > > It works though :) > > > > > > > When I tried the following, squid would not start: > > > > Why not? Which errors occur? > > > > Its not bombing out anymore, perhaps the server reboot changed that. > > > > acl de_urls dstdomain .fedex.com .ups.com > > > acl de_InetAllow external win_domain_group Web_access_dataentry > > > http_access allow de_InetAllow de_urls > > > http_access deny all > > > > This would mean you allow access to the de_urls for members of the > > Web_access_dataentry group. Everyone else is denied access. > > > Yes, that is what I'd like to accomplish, limit the sites which this > group 'de_InetAllow' can access. > > I just tried this but did not work either: > > == > acl localnet proxy_auth REQUIRED > acl de_urls dstdomain .fedex.com .ups.com > acl de_InetAllow external win_domain_group Web_access_dataentry > http_access allow de_InetAllow de_urls > acl Full_InetAllow external win_domain_group Web_access_full > http_access allow Full_InetAllow > == > > FYI, I am still able to go anywhere w/ a user in the 'Full_InetAllow' group. > > Any ideas? > > -Dustin >
