Landy Landy wrote:
I have a small network at an elementary school where I have two labs: one would have access to the internet and one won't. I'm currently doing this. Now, I also have teachers and others that would be accessing the web as well. I would like to allow teachers and others full access to the internet and the allowed students (the other lab) would be restricted to certain pages; that's where squidGuard comes in. Since I'm already doing:

acl localnet src 172.16.0.0/16
acl proxy src 172.16.0.1
acl allowed src "/etc/msd/ipAllowed"
acl CONNECT method CONNECT

http_access allow proxy
http_access allow localhost

#---- Block some sites
acl blockanalysis01 dstdomain .scorecardresearch.com .google-analytics.com
acl blockads01 dstdomain .rad.msn.com ads1.msn.com ads2.msn.com ads3.msn.com ads4.msn.com
acl blockads02 dstdomain .adserver.yahoo.com pagead2.googlesyndication.com ad.yieldmanager.com
acl blockads03 dstdomain .doubleclick.net

http_access deny blockanalysis01
http_access deny blockads01
http_access deny blockads02
http_access deny blockads03

http_access allow allowed
http_access deny all

....................................

I don't see how I can take an ip address from ipAllowed to do content filtering. This is where I'm stuck.

It sounds like you are missing the concept that squidGuard is a separate process with a separate set of rules from that of squid. SG will act on whatever squid redirects to it.
You have rules (above) that permit only a subset of your total user base access to the web as determined by whether they are allowed access to the proxy at all.
squidGuard works as a squid redirector (see url_rewrite_program in squid.conf) on top of this. With this enabled, all web traffic permitted access to the proxy (in your case defined by "http_access allow allowed") will also be redirected to SG and be filtered according to whatever rules you set up there. Within SG you can allow or disallow based upon network segment, individual IP address, userid if you set up authentication, time of day, destination url on the web and other parameters.
IOW, you "take an ip address from ipAllowed to do content filtering" by virtue of the fact that the client in ipAllowed has already been permitted access to the proxy and with the redirector enabled will now also be processed according to the rules set up in the redirect (url_rewrite) program.
HTH.

--
Mike Rambo

NOTE: In order to control energy costs the light at the end of the tunnel has been shut off until further notice...
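
The two-stage arrangement described in the reply, as an added example that is not part of the original thread: squid's http_access rules decide who may use the proxy, and a squidGuard.conf then decides what each source group may fetch. The file paths, the lab subnet, the list names and the block-page URL are assumptions; only the 172.16.0.0/16 network and the proxy address 172.16.0.1 come from the question.

```conf
# squidGuard.conf (constructed example; paths, subnet and list names are assumptions)
#
# squid.conf passes every request it has already allowed on to squidGuard:
#   url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
#   url_rewrite_children 5

dbhome /var/lib/squidguard/db
logdir /var/log/squidguard

# Source groups: who is asking.
# teachers/ips holds one address or CIDR range per line, relative to dbhome.
src teachers {
    iplist teachers/ips
}

# Hypothetical subnet of the lab that gets restricted access.
src studentlab {
    ip 172.16.2.0/24
}

# Destination group: the pages the student lab may reach.
dest schoolsites {
    domainlist schoolsites/domains
    urllist    schoolsites/urls
}

# Rules: the source group a client falls into selects its pass list.
acl {
    teachers {
        pass all
    }
    studentlab {
        pass schoolsites none
        redirect http://172.16.0.1/blocked.html
    }
    # Anything squid let through that matches no source group above.
    default {
        pass none
        redirect http://172.16.0.1/blocked.html
    }
}
```

A client has to be listed in ipAllowed to reach squidGuard at all, and the dstdomain denies in squid.conf still apply to every group because http_access is evaluated before the redirector is called.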