
Re: New Admin


 



On Wed, 7 Oct 2009 09:51:13 -0700 (PDT), tookers <gareth@xxxxxxxxxxxxxxxx>
wrote:
> rkovelman wrote:
>> 
>> 
>>> From: Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>
>>> Date: Tue, 06 Oct 2009 23:29:02 +0200
>>> To: Ross Kovelman <rkovelman@xxxxxxxxxxxxxxxx>
>>> Cc: <squid-users@xxxxxxxxxxxxxxx>
>>> Subject: Re:  New Admin
>>> 
>>> tis 2009-10-06 klockan 16:55 -0400 skrev Ross Kovelman:
>>> 
>>>> This is what I have for http_access:
>>>> 
>>>> http_access deny bad_url
>>>> http_access deny all bad_url
>>>> http_access deny manager
>>>> http_access allow manager localhost
>>>> http_access allow workdays
>>>> http_access allow our_networks
>>>> 
>>>> 
>>>> I would think bad_url would do the trick since I have acl bad_url
>>>> dstdomain, correct?
>>> 
>>> It should. At least assuming you have no other http_access rules above
>>> this.
>>> 
>>> But the rest of those rules look strange.
>>> 
>>> I think you want something like:
>>> 
>>> # Restrict cachemgr access
>>> http_access allow manager localhost
>>> http_access deny manager
>>> 
>>> # Block access to banned URLs
>>> http_access deny bad_url
>>> 
>>> # Allow users access on workdays
>>> http_access allow our_networks workdays
>>> 
>>> # Deny everything else
>>> http_access deny all
>>> 
>>> 
>>> but have no description of what effect workdays is supposed to have...
>>> 
>>> 
>>> Regards
>>> Henrik
>>> 
>>> 
>> 
>> 
>> I made a few changes and still nothing:
>> 
>> acl bad_url dstdomain "/xxx/xxxx/etc/bad-sites.squid"
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl our_networks src 192.168.16.0/255.255.255.0
>> acl to_localhost dst 127.0.0.0/8
>> acl workdays time M T W H F 8:30-12:00 11:30-18:00
>> acl SSL_ports port 443 563
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 563 # https, snews
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>> 
>> # Restrict cachemgr access
>> http_access allow manager localhost
>> http_access deny manager
>> 
>> # Block access to banned URLs
>> http_access deny bad_url workdays
>> 
>> # Allow users access on workdays
>> http_access allow our_networks workdays
>> 
>> # Deny everything else
>> http_access deny all
>> 
>> I would think this would fulfill the request I just emailed to the group,
>> but doesn't
>> 
>> 
>> 
>> " Thanks, I made those changes although still no luck.  I do save the changes
>> and then run a ./squid -k reconfigure, not sure if I should run a different
>> command.
>> 
>> I do have this for work days:
>> acl workdays time M T W H F 8:30-18:00
>> 
>> If I can I would like to deny those sites during "workdays" and then it's
>> open before or after that time.
>> 
>> Thanks"
>> 
>>  
>> 
> 
> Hi There,
> 
> Maybe try this....
> 
> Change  http_access deny bad_url workdays
> To... http_access deny our_networks bad_url workdays
> 
> It should match any source IP address and if the other 2 acls match then
> you should get 'Access Denied'
> 
> Thanks,
> Tookers

The workdays ACL definition is wrong. It will only block on Mondays between
midnight and one second after.


>> acl workdays time M T W H F 8:30-12:00 11:30-18:00

Should be only one time range and no spaces in the day spec:

acl workdays time MTWHF 8:30-12:00
acl workdays time MTWHF 11:30-18:00

Or maybe two ACLs: one for afternoon, one for morning.

Amos
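
The rule evaluation this thread turns on, as an added Python model (not Squid code and not written by any poster): http_access lines are checked top to bottom and the first match wins, ACL names on one line are ANDed, and values of one ACL name are ORed. The `.blocked.example` domain, the client address and the `decide` helper are constructed for illustration; the time ACL is the corrected two-line form from the reply above.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

DAYS = "MTWHFAS"  # Squid day letters in datetime.weekday() order (Mon..Sun)

def time_acl(days, span):
    # One "acl NAME time DAYS h1:m1-h2:m2" line as a predicate
    lo, hi = (tuple(map(int, t.split(":"))) for t in span.split("-"))
    return lambda r: (DAYS[r["when"].weekday()] in days
                      and lo <= (r["when"].hour, r["when"].minute) <= hi)

def dstdomain(*names):
    # Exact host match, or suffix match for entries with a leading dot
    def match(r):
        host = r["host"].lower()
        return any(host == n.lstrip(".") or (n[0] == "." and host.endswith(n))
                   for n in names)
    return match

def src(cidr):
    net = ip_network(cidr)
    return lambda r: ip_address(r["src"]) in net

ACLS = {  # each name maps to a list of values; any one matching is enough (OR)
    "all": [lambda r: True],
    "manager": [lambda r: r["proto"] == "cache_object"],
    "localhost": [src("127.0.0.1/32")],
    "our_networks": [src("192.168.16.0/24")],
    "bad_url": [dstdomain(".blocked.example")],  # constructed stand-in for the list file
    "workdays": [time_acl("MTWHF", "8:30-12:00"), time_acl("MTWHF", "11:30-18:00")],
}

RULES = """
http_access allow manager localhost
http_access deny manager
http_access deny bad_url workdays
http_access allow our_networks workdays
http_access deny all
"""

def decide(host, when, src_ip="192.168.16.20", proto="http"):
    r = {"host": host, "when": when, "src": src_ip, "proto": proto}
    for line in RULES.strip().splitlines():
        _, action, *names = line.split()
        if all(any(m(r) for m in ACLS[n]) for n in names):  # names on a line: AND
            return action  # first matching line wins
    return "deny"  # not reached: the ruleset ends in "deny all"

MONDAY_10AM = datetime(2009, 10, 5, 10, 0)  # constructed sample time
```

With this ruleset a request outside the workdays windows matches neither the bad_url line nor the allow line and ends at `http_access deny all`, whichever site it is for.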

