Search squid archive

Re: Restricting Access to certain sites only

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

* On 05/03/06 08:33 +0100, Henrik Nordstrom wrote:
> sön 2006-03-05 klockan 07:58 +0300 skrev Odhiambo WASHINGTON:
> > Hello list,
> > 
> > I have a quick one.
> > 
> > I have a certain IP class that I'd like to restrict to something akin to
> > a "walled garden" - allowing them access to only 3 sites - site1, site2
> > and site3.
> > 
> > I am not sure how to go about this, but I have a feeling this is in the
> > FAQ, only I cannot figure out which FAQ.
> > 
> > So I am thinking that I need to:
> > 
> > 1. Define the IP class in an acl
> > 2. Define the allowed sites in an acl
> > 3. Tie 1 and 2 together to allow the class access to the sites
> > 4. Deny this class access to all other sites.
> 
> 100% on the point
> 
> > Can someone point me in the right direction, even my example.
> 
> Just translate the above 4 lines into acl and http_access directives..
> It translates literally into 4 lines with the exact same content just
> different language..
> 
> Squid FAQ 10 Access Controls
> <url:http://www.squid-cache.org/Doc/FAQ/FAQ-10.html> is a good starting
> point. Especially the introduction. There is no exact example for what
> you want to do, but I think you will manage.

Allow me to fumble here so that I can be corrected ;)

1. Define the IP class

   acl walled_class src 172.16.0.0/24

2. Define allowed sites - which I'll put in a file

#Allowed Sites
site1.com
site2.com
site3.com
and other allowed sites...

3. Now that I have my allowed site list ready, I use the following
   ACL to restrict usage:


acl walled_class src 172.16.0.0/24
acl AllowedSites dstdomain "/usr/local/etc/squid/allowed-sites"
http_access allow walled_class AllowedSites
http_access deny walled_class !AllowedSites


Is this any closer to what I'd like to achieve?

Thanks for any insights/corrections.


-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington    <wash@xxxxxxxxxxxx>
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+

The qotc (quote of the con) was Liz's:
	"My brain is paged out to my liver"
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux