On Tuesday 10 January 2006 19:13, David Lynum wrote: > I've created ACL's in squid to keep my users from going to certain > websites during certain parts of the day. The acl's are working just > fine. But is there a way to kick those same users off of these acl > restricted sites if they already happen to be on the site when the acl > kicks in? Let's say the the acl restricts users from visiting a > particular website from 4PM-6PM. If the users are already on the site > at 3:59PM, once 4PM hits, so far they're still able to browse the site. I think you have a misunderstanding here. Squid (and anything that uses HTTP) has no notion of "sessions" or "being on the site". Every request is unique and without the help or cookies or username/password authentication you wouldn't know anything about a special user. That boring disclaimer aside. What kind of ACLs are you using? In case of internal (fast) ACLs (like 'src') this doesn't make much sense. In case of using external (e.g. LDAP group lookups) ACLs you usually have a TTL (time-to-live) defined on an ACL which tells Squid how many minutes a certain ACL is "fresh" (still valid). So if an ACL membership/decision is still stored by Squid then the user will be determined to be in a certain category until the TTL expires and the information is queried once again. Temporarily set the TTL to a very low value and see if it fixes your problem. > Of course once they leave the site they can't get back in though until > after 6PM. Sorry, this sounds wrong. How should Squid know if the user "leaves the site"? Perhaps you can elaborate. Kindly Christoph -- Never trust a system administrator who wears a tie and suit.
