Search squid archive

ACL advise

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I would like to setup squid as follows :
Group 1 users (10.1.1.10 and 10.1.1.11) only able to access 2 URLs (http://intranet.abc.com/abc and http://apps.intranet.abc.com/abc) and 1 domain (interdept.abc.com)
Group 2 users (10.1.1.12 and 10.1.1.13) only able to access 2 URLs (http://intranet.abc.com/def and http://apps.intranet.abc.com/def)
Group 3 users (10.1.2.20 and 10.1.2.21) only able to access 2 URLs (http://intranet.abc.com/xyz and http://apps.intranet.abc.com/xyz)
All 3 groups can access URL http://public.abc.com/abc and domain public.def.com 

All other users in 10.1.1.x and 10.1.2.x are not allow to access anything.
All other users not in the above group (10.1.3.x, 10.1.4.x, etc) can access everything on the intranet. 

Is my following configuration correct:

Thank you.

acl clients-seg-1 src 10.1.1.0/8
acl clients-seg-2 src 10.1.2.0/8

acl common-allow-url url_regex http://public.abc.com/abc
acl common-allow-domain dstdomain public.def.com
http_access deny clients-seg-1 clients-seg-2 !clients-grp1 !clients-grp2 !clients-grp3 

acl clients-grp1 src 10.1.1.10 10.1.1.11
acl clients-grp1-allow-domain dstdomain interdept.abc.com
acl clients-grp1-allow-url url_regex http://intranet.abc.com/abc http://apps.intranet.abc.com/abc
http_access allow clients-grp1 clients-grp1-allow-domain clients-grp1-allow-url common-allow-url common-allow-domain http_access deny clients-grp1 !clients-grp1-allow-domain !clients-grp1-allow-url !common-allow-url !common-allow-domain 


acl clients-grp2 src 10.1.1.12 10.1.1.13
acl clients-grp2-allow-url url_regex http://intranet.abc.com/def http://apps.intranet.abc.com/def
http_access allow clients-grp2 clients-grp2-allow-url common-allow-url common-allow-domain http_access deny clients-grp2 !clients-grp2-allow-url !common-allow-url !common-allow-domain 


acl clients-grp3 src 10.1.2.20 10.1.2.21
acl clients-grp3-allow-url url_regex http://intranet.abc.com/xyz http://apps.intranet.abc.com/xyz http_access allow clients-grp3 clients-grp3-allow-url common-allow-url common-allow-domain http_access deny clients-grp3 !clients-grp3-allow-url !common-allow-url !common-allow-domain 


http_access allow all

_________________________________________________________________
Get the new Windows Live Messenger! http://get.live.com/messenger/overview
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux