Search squid archive

ACLs scenario

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,
I've been given a homework connected with ACLs in Squid. Unfortunately
there is no way to simulate the environment so I wrote acl rules off
the top of my head. So please, check it.

Probably there is a mistake in the scenario. Designers and programmers
are in the same subnet and they should have different rules which I
think is impossible. I know that it's long but I've tried to write it
clear. So please, be patient and help.

Scenario given.
President has a PC and notebook with MACs specified (08:00:27:81:08:73
and 08:00:27:84:24:BF).
Managers have three notebooks with MACs specified (08:00:27:E7:D5:37,
08:00:27:82:59:C5, 08:00:27:C3:BE:B8).
Designers and programmers have computers in 192.168.2.0 subnet (their
PCs are DHCP clients).
An Administrator has notebook with 08:00:27:EB:D7:94 MAC.
A secretary and an accountant have PCs in 192.168.3.0 subnet.

And here are the rules which should be applied.
1. The president has unlimited access.
2. Managers are denied to access to entertainment websites (community,
movies, music, porn) form Monday to Sunday during the working hours (8
- 16)
3. Designers are denied to access to entertainment websites all the
time and their cannot download movie, music, torrent and exe (except
Windows updates) files
4. Programmers are denied to access to entertainment websites all the
time and cannot access to info websites such yahoo.com, newsweek.com
during the working hours in working week.
5. An administrato has unlimitted access during the working hours.
After, he is not allowed to access to entertainment websites.
6. A secretary and an accountant are denied to access to entertainment
websites during the working hours and their cannot download any files
from the Internet except xls, doc, gif, zip, txt files.

# MY ACLs
acl presidentNotebook arp 08:00:27:84:24:BF
acl presidentPC arp 08:00:27:81:08:73
acl managerNotebook1 arp 08:00:27:E7:D5:37
acl managerNotebook2 arp 08:00:27:82:59:C5
acl managerNotebook3 arp 08:00:27:C3:BE:B8	# I don't know if it's
possible to have three MACs in one ACL?
acl designersProgrammers src 192.168.2.0/24
acl adminNotebook arp 08:00:27:EB:D7:94
acl office src 192.168.3.0/24

acl funWebsites dstdom_regex "/etc/squid/funWebsites.acl"
acl workingHours time M T W H F A S 8:00-16:00
acl workingHoursWeek time M T W H F 8:00-16:00
acl alwaysTime time M T W H F A S 00:00-24:00
acl files urlpath_regex "/etc/squid/files.acl"
acl microsoftDomain src microsoft.com
acl exeFile urlpath_regex \.[Ee][Xx][Ee]$
acl infoWebsites dstdom_regex "/etc/squid/infoWebsites"
acl officeDownload urlpath_regex "/etc/squid/office.acl
# END of ACLs

# FILES CREATED IN /etc/squid/ LOCATION
- funWebsites.acl
facebook.com
twitter.com
youtube.com
porn
movie
sex
music


- files.acl
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][3]$
.[Tt][Oo][Rr][Rr][Ee][Nn][Tt]$


- infoWebsites.acl
yahoo.com
newsweek.com


- office.acl
.[Dd][Oo][Cc]$
.[Gg][Ii][Ff]$
.[Xx][Ll][Ss]$
.[Tt][Xx][Tt]$
.[Zz][Ii][Pp]$


# HTTP_ACCESS SECTION
http_access presidentNotebook allow all
http_access presidentPC allow all
http_access managerNotebook1 deny funWebsites workingHoursWeek
http_access managerNotebook2 deny funWebsites workingHoursWeek
http_access managerNotebook3 deny funWebsites workingHoursWeek  # I
dont know if it's possible to put these 3 row into 1.
http_access designersProgrammers deny funWebsites alwaysTime
http_access designersProgrammers allow microsoftDomain exeFile
http_access designersProgrammers deny files
http_access designersProgrammers deny infoWebsites workingHours
http_access adminNotebook deny funWebsites !workingHours
http_access office deny funWebsites workingHours
http_access office deny !officeDownload
http_access allow all


----------
Best regards!


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux