I am believe the user you're talking about is accessing the URL's contained in acl exceptions url_regex "/etc/squid/data/exceptions" Because as far as I see, the only way for him/her to bypass the time limitation is if he/she gets allowed by http_access allow exceptions CMIIW Rgds, [p] Jagdish Rao wrote: > Hi, > > I have configure my Squid to work only for some time for one group of > users. I find that this is not being effective. Below is the squid conf file > > ############# SQUID DEFAULTS ############ > http_port 8000 > hierarchy_stoplist cgi-bin ? > acl QUERY urlpath_regex cgi-bin \? > no_cache deny QUERY > cache_log /var/log/squid/cache.log > debug_options ALL,1 33,2 > debug_options ALL,1 > > ############ AUTHENTICATIONS ########### > auth_param basic program /usr/lib/squid/ncsa_auth > /etc/squid/data/valid-users > auth_param basic children 5 > auth_param basic realm Accord-Soft Proxy-caching Web Server > auth_param basic credentialsttl 2 hour > auth_param basic casesensitive off > > request_body_max_size 50 KB > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > > ########### ACCESS CONTROLS ########### > > #### Format for Access Controls #### > ## <acl username proxy_auth user id> > ## <acl usertime time 9:00 - 14:00> > ## <acl userurl url_regex website> > ## <http_access allow username usertime userurl> > > acl password proxy_auth REQUIRED > > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > acl CONNECT method CONNECT > > ########## USER DEFINED ACLS ########### > > ## Authenticating Users ####### > acl sunayna.j proxy_auth sunayna.j > acl vikramsingh proxy_auth vikram.singh > > #### ACL TIMINGS ####### > acl MorningTime time 08:00-09:00 > acl EveningTime time 18:00-19:00 > acl AfternoonTime time 13:00-15:00 > acl OfficeTime time 09:00-18:00 > acl SplMorningTime time 09:00-13:00 > acl PrelunchTime1 time 11:00-12:00 > acl PrelunchTime time 12:00-13:00 > > ### Some more ACL's to Allow and Block the Sites ### > acl PornSites url_regex "/etc/squid/data/blocked-sites" > acl PornSites url_regex "/etc/squid/data/blocked-bad-words" > acl exceptions url_regex "/etc/squid/data/exceptions" > acl exceptions url_regex "/etc/squid/data/winupdates" > http_access allow exceptions > http_access deny PornSites > deny_info ERR_PORN_DENIED PornSites > > acl FTPMP3 url_regex -i ^ftp://.*\.mp3$ > http_access deny FTPMP3 > acl HTPMP3 url_regex -i ^http://.*\.mp3$ > http_access deny HTPMP3 > > acl Download_Blocking url_regex -i > \.(ADE|ADP|ASD|ASF|BAS|BAT|CMD|CPL|CRT|EML|HLP|HTA|INF|INS|ISP|LNK|MDB|MDE|MSC|MSG|MSI|MSP|MST|OCX|PCD|PIF|SCR|SCT|SH|SHB|SHS|SYS|VB|VBE|VBS|VCS|WMS|WMD|WMZ|WSC|WSF|WSH|PBL|TPL|mov|MOV|mp3|avi|AVI|wmv|WMV|wma|rar|RAR|CAB|cab)($|\?) > > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > #http_access deny !password > > ### Access Goes Here ####### > http_access allow vikasv PrelunchTime1 > http_access allow vikramsingh PrelunchTime1 > http_access allow sunayna.j PrelunchTime1 > > http_access deny all > > cache_mgr netadmin@xxxxxxxxxxxxxxx > visible_hostname squid.accord-soft.com > coredump_dir /var/spool/squid > logfile_rotate 10 > deny_info ERR_ACCESS_DENIED net-man > > ## End of Squid.conf file. > > In this the timings "PrelunchTime1" does not seem to work. This means > that a user with this config cannot access Net before 11:00 AM, but he > can continue to browse even after 12:00 Noon . > > Where are we making mistakes ? > > Any help would be appreciable > > Thanks > > Jagdish > > > > > > > > ############################################################################################################################################## > The information transmitted is intended for the person or entity to which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination, copying or other use of, or taking any action in reliance upon, this information by > persons or entities other than the intended recipient is prohibited. If you have received this in error, please contact the sender and delete > the material from your system. Accord Software & Systems Pvt. Ltd. (ACCORD) is not responsible for any changes made to the material other > than those made by ACCORD or for the effect of the changes on the meaning of the material. > ############################################################################################################################################## > > -- *Pandu E Poluan* *Panin Sekuritas* IT Manager / Infrastructure & Audit Phone : +62-21-515-3055 ext 135 Fax : +62-21-515-3061 Mobile : +62-856-8400-426 e-mail : pandu_poluan@xxxxxxxxxxxxxxxxxxxx <mailto:pandu_poluan@xxxxxxxxxxxxxxxxxxxx> Y!M : hands0me_irc MSN : si-ganteng@xxxxxxxx GTalk : pandu.cakep@xxxxxxxxx
