
Combining Acls.


Hi all,
 
My problem is that my ACL for PUsr (power users), for denying access to Facebook and YouTube in office hours, is not working; maybe there is a conflict in the definition of time. Also, please guide me on whether I have done it all right or whether there are mistakes in the file, and whether overall optimization is a must or recommended, and how and what.
 
regards,
 
// PUsr = power users in my office (who need only a few restrictions)
// FcUsr = admins (who require no restrictions at all)
// RUsr = users with the least rights and the most restrictions
 

Also, @Amos: about a domain name being recommended instead of an IP, I am still confused. What if you don't have a public domain name? And what if you don't have a public IP on the Squid machine? (Please guide me; it would be really beneficial for clearing up my concepts.)
 
visible_hostname 10.1.82.53
cache_peer 10.1.82.205  parent 8080 0 default no-digest no-query 
http_port 10.1.82.53:3128
never_direct allow all
cache_effective_user proxy
cache_mgr bilal.aslam@xxxxxxxxxx
coredump_dir /var/sppol/squid3
cache_dir ufs /var/squidcache 50000 16 256
cache_swap_low 75
cache_mem 1000 MB
maximum_object_size 195 MB
minimum_object_size 12 bytes
cache_replacement_policy lru
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern . 0 20% 4320
acl localServers dst 10.1.82.0/24 10.1.80.0/24 10.1.245.0/24
#acl localServers dstdomain .bla.bla.com
no_cache deny LocalServers
acl Query urlpath_regex cgi-bin \?
cache deny Query
hierarchy_stoplist cgi-bin ?
 
acl manager proto cache_object
http_access allow manager 
http_access deny manager
acl OverConnLimit maxconn 10
http_access deny OverConnLimit
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
http_access allow localhost

acl SSL_ports port 443  #https
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443  # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210  # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280  # http-mgmt
acl Safe_ports port 488  # gss-http
acl Safe_ports port 591  # filemaker
acl Safe_ports port 777  # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl FcUsr src "/etc/squid3/FcUsr.conf"
acl PUsr src "/etc/squid3/PUsr.conf"
acl RUsr src "/etc/squid3/RUsr.conf"
acl Working_hours time MTWHF 09:00-17:00
acl inlunchbreak time 13:00-14:30
####----Definitions for BlockingRules----#####
###Definition of MP3/MPEG
acl FTPMP3 url_regex -i ^ftp://.*\.mp3$
acl Movies rep_mime_type video/mpeg
acl MP3s rep_mime_type audio/mpeg

###Definition of Flash Video
acl deny_rep_mime_flashvideo rep_mime_type video/flv
###Definition of  Porn
acl Sex urlpath_regex sex
acl PornSites url_regex "/etc/squid3/pornlist"

####Definition of YouTube.
## The videos come from several domains
acl youtube_domains dstdomain .youtube.com .googlevideo.com .ytimg.com
###Definition of FaceBook
acl facebook_sites dstdomain .facebook.com

#### Definition of MSN Messenger
acl msn urlpath_regex -i gateway.dll
acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
acl msn1 req_mime_type application/x-msn-messenger

####Definition of Blockig Skype
acl numeric_IPs url_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl Skype_UA browser ^skype^
##Definition of Yahoo! Messenger
acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com
acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com
acl ym dstdomain .voice.yahoo.com
acl ymregex url_regex yupdater.yim ymsgr myspaceim
## Other protocols Yahoo!Messenger uses ??
acl ym dstdomain .skype.com .imvu.com
###Disallowing download of executables from web#####

###---------------------------------------------########
http_access deny PornSites RUsr 
http_access deny PornSites PUsr
http_access deny Sex RUsr 
http_access deny Sex PUsr
http_access deny msnd PUsr
http_access deny msnd RUsr
http_access deny msn PUsr
http_access deny msn RUsr
http_access deny msn1 PUsr
http_access deny msn1 RUsr
http_access deny numeric_IPs PUsr
http_access deny numeric_IPs  RUsr
http_access deny Skype_UA PUsr 
http_access deny Skype_UA RUsr
http_access deny ym RUsr 
http_access deny ym PUsr
http_access deny ymregex RUsr
http_access deny ymregex PUsr
#----Most Restricted settings Exclusive for Normal users......#
http_reply_access deny Movies RUsr
http_reply_access deny MP3s RUsr
http_access deny FTPMP3 RUsr
http_reply_access deny deny_rep_mime_flashvideo RUsr
http_access deny youtube_domains RUsr
http_access deny facebook_sites RUsr
http_access allow youtube_domains inlunchbreak PUsr
http_access allow facebook_sites inlunchbreak PUsr
http_access deny youtube_domains PUsr Working_hours
http_access deny facebook_sites PUsr Working_hours
http_access allow FcUsr
http_access allow PUsr
http_access allow RUsr
http_access deny all
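
Added example, not part of the original post: a small Python model of how Squid evaluates the last http_access lines of the posted config (top-down, all ACLs on a line must match, the first matching line decides), so you can trace which line fires for a given user group, host and proxy local time. It assumes the client IP has already been resolved to FcUsr, PUsr or RUsr and ignores the earlier http_access lines; `decide` and `acl_matches` are names made up for this sketch.

```python
# Squid day codes: S=Sun M=Mon T=Tue W=Wed H=Thu F=Fri A=Sat.
DAY_CODES = "MTWHFAS"  # indexed by datetime.weekday(), Monday == 0
# Time ACLs as posted; an ACL with no day letters applies every day.
TIME_ACLS = {
    "Working_hours": ("MTWHF", "09:00", "17:00"),
    "inlunchbreak": (DAY_CODES, "13:00", "14:30"),
}
DOMAIN_ACLS = {
    "youtube_domains": (".youtube.com", ".googlevideo.com", ".ytimg.com"),
    "facebook_sites": (".facebook.com",),
}
# Tail of the posted http_access list, in file order.
RULES = [
    "deny youtube_domains RUsr",
    "deny facebook_sites RUsr",
    "allow youtube_domains inlunchbreak PUsr",
    "allow facebook_sites inlunchbreak PUsr",
    "deny youtube_domains PUsr Working_hours",
    "deny facebook_sites PUsr Working_hours",
    "allow FcUsr",
    "allow PUsr",
    "allow RUsr",
    "deny all",
]

def acl_matches(name, group, host, when):
    """True if one named ACL matches this request (when = proxy local time)."""
    if name == "all":
        return True
    if name in TIME_ACLS:
        days, start, end = TIME_ACLS[name]
        hhmm = when.strftime("%H:%M")
        return DAY_CODES[when.weekday()] in days and start <= hhmm <= end
    if name in DOMAIN_ACLS:
        # ".example.com" matches example.com itself and every subdomain.
        return any(host == d[1:] or host.endswith(d) for d in DOMAIN_ACLS[name])
    return name == group  # src ACL: the group whose file lists the client IP

def decide(group, host, when):
    """Return (action, line) for the first line whose ACLs ALL match."""
    for line in RULES:
        action, *acls = line.split()
        if all(acl_matches(a, group, host, when) for a in acls):
            return action, line
    raise AssertionError("unreachable: 'deny all' matches every request")

if __name__ == "__main__":
    from datetime import datetime
    # Constructed sample: a PUsr client on Monday 2024-01-08 at 10:00.
    print(decide("PUsr", "www.youtube.com", datetime(2024, 1, 8, 10, 0)))
```

A client whose address is in none of the three files falls through to `deny all`, which is worth checking first when a per-group line seems to be ignored.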
  		 	   		  