
Re: problem with ACL.

Pandu E Poluan wrote:
I believe the user you're talking about is accessing the URLs
contained in

acl exceptions url_regex "/etc/squid/data/exceptions"

Because as far as I see, the only way for him/her to bypass the time
limitation is if he/she gets allowed by

http_access allow exceptions

CMIIW



Correct by my reading of that too.

Some other config notes below for unrelated stuff...

Rgds,

[p]


Jagdish Rao wrote:
Hi,

I have configured my Squid to work only for some time for one group of
users. I find that this is not being effective. Below is the squid.conf file.

############# SQUID DEFAULTS ############
http_port 8000
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_log /var/log/squid/cache.log
debug_options ALL,1 33,2

above sets up some debug display options.
below cancels that out by setting a global 1-level debug.

debug_options ALL,1

############ AUTHENTICATIONS ###########
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/data/valid-users
auth_param basic children 5
auth_param basic realm Accord-Soft Proxy-caching Web Server
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off

request_body_max_size 50 KB
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

########### ACCESS CONTROLS ###########

#### Format for Access Controls ####
## <acl username proxy_auth user id>
## <acl usertime time 9:00 - 14:00>
## <acl userurl url_regex website>
## <http_access allow username usertime userurl>

acl password proxy_auth REQUIRED

acl all src 0.0.0.0/0.0.0.0

 acl all src all

simpler to understand.

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255

  acl localhost src 127.0.0.1

also simpler to understand.

acl to_localhost dst 127.0.0.0/8
acl CONNECT method CONNECT

########## USER DEFINED ACLS ###########

## Authenticating Users #######
acl sunayna.j proxy_auth sunayna.j
acl vikramsingh proxy_auth vikram.singh

#### ACL TIMINGS #######
acl MorningTime time 08:00-09:00
acl EveningTime time 18:00-19:00
acl AfternoonTime time 13:00-15:00
acl OfficeTime time 09:00-18:00
acl SplMorningTime time 09:00-13:00
acl PrelunchTime1 time 11:00-12:00
acl PrelunchTime time 12:00-13:00

### Some more ACLs to Allow and Block the Sites ###
acl PornSites url_regex "/etc/squid/data/blocked-sites"
acl PornSites url_regex "/etc/squid/data/blocked-bad-words"
acl exceptions url_regex "/etc/squid/data/exceptions"
acl exceptions url_regex "/etc/squid/data/winupdates"
http_access allow exceptions
http_access deny PornSites
deny_info ERR_PORN_DENIED PornSites

acl FTPMP3 url_regex -i ^ftp://.*\.mp3$
http_access deny FTPMP3
acl HTPMP3 url_regex -i ^http://.*\.mp3$
http_access deny HTPMP3

acl Download_Blocking url_regex -i \.(ADE|ADP|ASD|ASF|BAS|BAT|CMD|CPL|CRT|EML|HLP|HTA|INF|INS|ISP|LNK|MDB|MDE|MSC|MSG|MSI|MSP|MST|OCX|PCD|PIF|SCR|SCT|SH|SHB|SHS|SYS|VB|VBE|VBS|VCS|WMS|WMD|WMZ|WSC|WSF|WSH|PBL|TPL|mov|MOV|mp3|avi|AVI|wmv|WMV|wma|rar|RAR|CAB|cab)($|\?)


In the above regex you specify '-i' (not case-sensitive) therefore many of your upper and lower case patterns can be collapsed to a smaller set of lower case patterns.

Also, if this is important (you don't even seem to use it) then you might think about adding a mime_type ACL for those as well to catch the fake file types: MP3s sent as index.html, for one example.


http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny !password

### Access Goes Here #######
http_access allow vikasv PrelunchTime1
http_access allow vikramsingh PrelunchTime1
http_access allow sunayna.j PrelunchTime1

http_access deny all

cache_mgr netadmin@xxxxxxxxxxxxxxx
visible_hostname squid.accord-soft.com
coredump_dir /var/spool/squid
logfile_rotate 10
deny_info ERR_ACCESS_DENIED net-man

## End of Squid.conf file.

In this, the timing "PrelunchTime1" does not seem to work. This means
that a user with this config cannot access the Net before 11:00 AM, but he
can continue to browse even after 12:00 Noon.

Where are we making mistakes?

Any help would be appreciated.

Thanks

Jagdish


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
  Current Beta Squid 3.1.0.7
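The thread's diagnosis is an ordering problem: `http_access allow exceptions` appears before the user/time lines, so any URL matching the exceptions file is allowed at any hour, while the first-match walk never reaches `PrelunchTime1` for it. The following added example (not code from the thread or from Squid) models that walk in Python to make the behaviour visible: every ACL named on an `http_access` line must match, the first matching line decides, and, per Squid's documentation, no match at all yields the opposite of the last line's action. The regex lists are constructed stand-ins for the `/etc/squid/data/*` files, the time ACL is assumed to be half-open (`start <= now < end`), and the `example.test` hostnames are made up. It also carries Amos's remark about `-i` with a helper that collapses the case-variant alternatives in the `Download_Blocking` pattern.

```python
import re
from datetime import time

# Constructed stand-ins for the files named in the posted config.
EXCEPTIONS_FILE = [r"^http://update\.example\.test/"]   # /etc/squid/data/exceptions
BLOCKED_FILE = [r"badsite\.example\.test"]              # /etc/squid/data/blocked-sites


def proxy_auth(*users):
    """acl NAME proxy_auth user ...: matches when the authenticated user is listed."""
    return lambda req: req["user"] in users


def time_acl(start, end):
    """acl NAME time hh:mm-hh:mm: assumed to match when start <= now < end."""
    return lambda req: start <= req["when"] < end


def url_regex(patterns, ignore_case=False):
    """acl NAME url_regex [-i] pattern ...: matches when any pattern is found in the URL."""
    flags = re.IGNORECASE if ignore_case else 0
    compiled = [re.compile(p, flags) for p in patterns]
    return lambda req: any(c.search(req["url"]) for c in compiled)


def match_all(req):
    """acl all src all"""
    return True


def http_access(rules, req):
    """Walk the http_access list in order; the first line whose ACLs all
    match decides. Squid's documented fallback when no line matches is the
    opposite of the last line's action."""
    for action, acls in rules:
        if all(acl(req) for acl in acls):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"


# ACLs from the posted squid.conf, names kept as in the thread.
exceptions = url_regex(EXCEPTIONS_FILE)
porn_sites = url_regex(BLOCKED_FILE)
prelunch_time1 = time_acl(time(11, 0), time(12, 0))
vikramsingh = proxy_auth("vikram.singh")
sunayna_j = proxy_auth("sunayna.j")

# http_access lines in the order they appear in the posted config.
POSTED_RULES = [
    ("allow", [exceptions]),
    ("deny", [porn_sites]),
    ("allow", [vikramsingh, prelunch_time1]),
    ("allow", [sunayna_j, prelunch_time1]),
    ("deny", [match_all]),
]


def decide(rules, user, url, hh, mm):
    """Evaluate one request (user, URL, wall-clock time) against a rule list."""
    return http_access(rules, {"user": user, "url": url, "when": time(hh, mm)})


def collapse_case_variants(alternation):
    """For a url_regex given with -i, drop alternatives that differ only by
    case, e.g. 'mov|MOV|mp3|avi|AVI' -> 'mov|mp3|avi', keeping first-seen order."""
    seen, kept = set(), []
    for alt in alternation.split("|"):
        key = alt.lower()
        if key not in seen:
            seen.add(key)
            kept.append(key)
    return "|".join(kept)


if __name__ == "__main__":
    samples = [  # constructed requests
        ("vikram.singh", "http://www.example.test/", 11, 30),
        ("vikram.singh", "http://www.example.test/", 12, 30),
        ("vikram.singh", "http://update.example.test/x.cab", 16, 0),
        ("sunayna.j", "http://badsite.example.test/", 11, 30),
    ]
    for user, url, hh, mm in samples:
        print(f"{user:13} {hh:02}:{mm:02} {url:36} -> {decide(POSTED_RULES, user, url, hh, mm)}")
    print(collapse_case_variants("mov|MOV|mp3|avi|AVI|wmv|WMV|wma|rar|RAR|CAB|cab"))
```

The third sample is the case Pandu and Amos describe: at 16:00, well outside PrelunchTime1, a URL matching the exceptions list is still allowed because the first line matches before any time-restricted line is consulted. The same walk shows why `Download_Blocking`, which is defined but never named on an `http_access` line, has no effect on the decision.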
