Hello,

I've been given homework on ACLs in Squid. Unfortunately there is no way to simulate the environment, so I wrote the ACL rules off the top of my head. So please check them. There is probably a mistake in the scenario: designers and programmers are in the same subnet and they should have different rules, which I think is impossible. I know that it's long, but I've tried to write it clearly. So please be patient and help.

Scenario given:

- The president has a PC and a notebook with the MACs specified (08:00:27:81:08:73 and 08:00:27:84:24:BF).
- Managers have three notebooks with the MACs specified (08:00:27:E7:D5:37, 08:00:27:82:59:C5, 08:00:27:C3:BE:B8).
- Designers and programmers have computers in the 192.168.2.0 subnet (their PCs are DHCP clients).
- An administrator has a notebook with the MAC 08:00:27:EB:D7:94.
- A secretary and an accountant have PCs in the 192.168.3.0 subnet.

And here are the rules which should be applied:

1. The president has unlimited access.
2. Managers are denied access to entertainment websites (community, movies, music) from Monday to Sunday during working hours (8 - 16).
3. Designers are denied access to entertainment websites all the time and they cannot download movie, music and exe (except Windows updates) files.
4. Programmers are denied access to entertainment websites all the time and cannot access info websites such as yaho_ com, newsweek _com during working hours in the working week.
5. An administrator has unlimited access during working hours. After that, he is not allowed to access entertainment websites.
6. A secretary and an accountant are denied access to entertainment websites during working hours and they cannot download any files from the Internet except xls, doc, gif, zip, txt files.
```
# MY ACLs
acl presidentNotebook arp 08:00:27:84:24:BF
acl presidentPC arp 08:00:27:81:08:73
acl managerNotebook1 arp 08:00:27:E7:D5:37
acl managerNotebook2 arp 08:00:27:82:59:C5
acl managerNotebook3 arp 08:00:27:C3:BE:B8
# I don't know if it's possible to have three MACs in one ACL?
acl designersProgrammers src 192.168.2.0/24
acl adminNotebook arp 08:00:27:EB:D7:94
acl office src 192.168.3.0/24
acl funWebsites dstdom_regex "/etc/squid/funWebsites.acl"
acl workingHours time M T W H F A S 8:00-16:00
acl workingHoursWeek time M T W H F 8:00-16:00
acl alwaysTime time M T W H F A S 00:00-24:00
acl files urlpath_regex "/etc/squid/files.acl"
acl microsoftDomain src microsoft.com
acl exeFile urlpath_regex \.[Ee][Xx][Ee]$
acl infoWebsites dstdom_regex "/etc/squid/infoWebsites"
acl officeDownload urlpath_regex "/etc/squid/office.acl
# END of ACLs

# FILES CREATED IN /etc/squid/ LOCATION
- funWebsites.acl
facebok _com
twiter _com
yatube _com
movie
music

- files.acl
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][3]$
.[Tt][Oo][Rr][Rr][Ee][Nn][Tt]$

- infoWebsites.acl
yaho _com
newsweek _com

- office.acl
.[Dd][Oo][Cc]$
.[Gg][Ii][Ff]$
.[Xx][Ll][Ss]$
.[Tt][Xx][Tt]$
.[Zz][Ii][Pp]$

# HTTP_ACCESS SECTION
http_access presidentNotebook allow all
http_access presidentPC allow all
http_access managerNotebook1 deny funWebsites workingHoursWeek
http_access managerNotebook2 deny funWebsites workingHoursWeek
http_access managerNotebook3 deny funWebsites workingHoursWeek
http_access designersProgrammers deny funWebsites alwaysTime
http_access designersProgrammers allow microsoftDomain exeFile
http_access designersProgrammers deny files
http_access designersProgrammers deny infoWebsites workingHoursWeek
http_access adminNotebook deny funWebsites !workingHours
http_access office deny funWebsites workingHours
http_access office deny !officeDownload
http_access allow all
```
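One way to lay out the scenario's six rules in Squid's `http_access allow|deny` form, as an added example that is not part of the original post. The ACL names `president`, `managers`, `admin`, `devSubnet`, `mediaFiles`, `hasExtension` and `windowsUpdate`, the Windows Update domain list, the choice to apply both designer and programmer rules to the whole 192.168.2.0/24 subnet, and the closing `deny all` are assumptions made here.

```conf
# Added example, not the poster's config. Names not in the post are assumed.
# arp ACLs only see MACs of clients on the proxy's own Ethernet segment,
# and a client can change its MAC. Values in one ACL are OR'ed.
acl president arp 08:00:27:81:08:73 08:00:27:84:24:BF
acl managers  arp 08:00:27:E7:D5:37 08:00:27:82:59:C5 08:00:27:C3:BE:B8
acl admin     arp 08:00:27:EB:D7:94
# Designers and programmers share this subnet and cannot be told apart by IP.
acl devSubnet src 192.168.2.0/24
acl office    src 192.168.3.0/24

acl workingHours     time MTWHFAS 08:00-16:00
acl workingHoursWeek time MTWHF   08:00-16:00

# The quoted files hold one regex per line; -i makes matching case-insensitive.
acl funWebsites    dstdom_regex  -i "/etc/squid/funWebsites.acl"
acl infoWebsites   dstdom_regex  -i "/etc/squid/infoWebsites.acl"
acl officeDownload urlpath_regex -i "/etc/squid/office.acl"
acl mediaFiles     urlpath_regex -i \.avi$ \.mp3$ \.torrent$
acl exeFile        urlpath_regex -i \.exe$
acl hasExtension   urlpath_regex -i \.[a-z0-9]+$
# dstdomain matches the requested host (src matches the client address).
# The domain list is assumed.
acl windowsUpdate  dstdomain .microsoft.com .windowsupdate.com

# ACLs on one http_access line are AND'ed and the first matching line
# decides, so each group's denies come before its allow.
http_access allow president
http_access deny  managers funWebsites workingHours
http_access allow managers
http_access deny  admin funWebsites !workingHours
http_access allow admin

# Designer and programmer rules both applied to the whole subnet (assumed).
http_access deny  devSubnet funWebsites
http_access deny  devSubnet mediaFiles
http_access deny  devSubnet exeFile !windowsUpdate
http_access deny  devSubnet infoWebsites workingHoursWeek
http_access allow devSubnet

http_access deny  office funWebsites workingHours
# Deny only URLs ending in an extension outside the allowed list; a bare
# "deny !officeDownload" would also block every URL that has no extension.
http_access deny  office hasExtension !officeDownload
http_access allow office

# Clients matching none of the groups above are refused (assumed policy).
http_access deny all
```

Running `squid -k parse` against the file reports syntax errors without needing any of the client machines. Note that `hasExtension` also matches pages whose URL ends in `.html` or `.php`, so those are blocked for the office subnet under rule 6 as written.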