
RE: Problem understanding acl


 



> -----Original Message-----
> From: Schelstraete Bart [mailto:bart@xxxxxxxxxxxxxxxx]
> Sent: Wednesday, February 15, 2006 5:47 AM
> To: lists@xxxxxxxxxx
> Cc: squid-users@xxxxxxxxxxxxxxx
> Subject: Re:  Problem understanding acl
> 
> 
> On Wed, 2006-02-15 at 10:23 -0400, Chris Mason (Lists) wrote:
> > 
> > I want to have the following scenario but I can't 
> > understand how to do it
> > 
> > # Employee general access to a list of sites
> > acl allowed-sites dstdomain .thisdomain.com .thatdomain.com
> > http_access allow allowed-sites
> > 
> > # Some employees listed get access to all EXCEPT the banned sites
> > acl banned_sites dstdomain .abc.com .msn.com .hotmail.com .go.com .playboy.com
> > acl password_access proxy_auth someone someone-else anotheruser
> > http_access allow password_access but deny the banned_lists
> > 
> > # And finally deny all other access to this proxy
> > http_access allow localhost
> > http_access deny all
> 
> Hi,
> 
> As far as I understand, it's just like this:
> 
> 
> acl allowed-sites dstdomain .thisdomain.com .thatdomain.com
> acl banned_sites dstdomain .abc.com .msn.com .hotmail.com .go.com .playboy.com
> acl password_access proxy_auth someone someone-else anotheruser
> 
> ##Order is important
> http_access allow allowed-sites
> http_access deny banned_sites
> http_access allow password_access
> http_access deny all
> 

One note of caution.  This would allow ANYONE who has access to your proxy to use it to access the allowed-sites.  Defining an acl that describes your LAN...

acl my-lan src 192.168.0.0/16

...and using it to limit un-authenticated access to allowed-sites...

http_access allow my-lan allowed-sites

... is probably not a bad idea.  Further, you can combine the password_access and banned sites into one rule...

http_access allow password_access !banned_sites

... if you wish.  There is a whole section of the FAQ dedicated to ACLs (http://www.squid-cache.org/Doc/FAQ/FAQ-10.html).

> 
> 
> Bart
> 
> 
> 
> --
> Schelstraete Bart 
> http://www.schelstraete.org 
> bart@xxxxxxxxxxxxxxxx
> 15:43:27 up 3 days, 21:54, 3 users, load average: 1.83, 1.88, 1.78
> 
> 

Chris
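
The two rule sets discussed in this thread can be compared with a small first-match evaluator. This is an added example, not code from the thread or from Squid; the request dictionaries are constructed samples, and a request without a login is treated as a plain non-match for `proxy_auth` (real Squid would answer with a 407 challenge).

```python
import ipaddress

# ACL definitions taken from the thread; "my-lan" is the one suggested in the reply.
ACLS = {
    "allowed-sites": ("dstdomain", [".thisdomain.com", ".thatdomain.com"]),
    "banned_sites": ("dstdomain", [".abc.com", ".msn.com", ".hotmail.com",
                                   ".go.com", ".playboy.com"]),
    "password_access": ("proxy_auth", ["someone", "someone-else", "anotheruser"]),
    "my-lan": ("src", ["192.168.0.0/16"]),
    "all": ("src", ["0.0.0.0/0"]),
}

def acl_matches(name, req):
    """Values inside one acl are ORed together."""
    kind, values = ACLS[name]
    if kind == "dstdomain":
        host = req["host"].lower()
        # A leading dot matches the domain itself and any subdomain.
        return any(host == v.lstrip(".") or host.endswith(v) for v in values)
    if kind == "proxy_auth":
        # Simplification (assumption): no login means no match, not a 407 challenge.
        return req.get("user") in values
    addr = ipaddress.ip_address(req["src"])
    return any(addr in ipaddress.ip_network(v) for v in values)

def decide(rules, req):
    """The first http_access line whose ACLs ALL match decides; '!' negates an ACL."""
    for action, *acls in rules:
        if all(acl_matches(a.lstrip("!"), req) != a.startswith("!") for a in acls):
            return action
    return "deny"  # not reached here: both rule sets end with "deny all"

# Rule order as posted in the first reply.
FIRST_REPLY = [("allow", "allowed-sites"), ("deny", "banned_sites"),
               ("allow", "password_access"), ("deny", "all")]
# Rule order with the my-lan restriction and the combined rule from the follow-up.
TIGHTENED = [("allow", "my-lan", "allowed-sites"),
             ("allow", "password_access", "!banned_sites"), ("deny", "all")]

# Constructed sample requests.
OUTSIDER = {"src": "203.0.113.9", "host": "www.thisdomain.com", "user": None}
LAN_ANON = {"src": "192.168.1.20", "host": "www.thisdomain.com", "user": None}
AUTH_BANNED = {"src": "192.168.1.20", "host": "mail.hotmail.com", "user": "someone"}
AUTH_OTHER = {"src": "192.168.1.20", "host": "example.org", "user": "someone"}

if __name__ == "__main__":
    for label, req in [("outsider", OUTSIDER), ("lan-anon", LAN_ANON),
                       ("auth-banned", AUTH_BANNED), ("auth-other", AUTH_OTHER)]:
        print(label, decide(FIRST_REPLY, req), decide(TIGHTENED, req))
```

The only request whose outcome differs between the two rule sets is the unauthenticated client from outside 192.168.0.0/16, which is the case the note of caution describes.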

