Search squid archive

Re: Proxy & Authenication help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/11/10 21:13, Edmonds Namasenda wrote:

        If I were to add ACLs with some an I.P Addresses to access the
        internet
        without any restrictions, how can I go about that?


    By creating ..

      # "an ACL listing the IPs ..."
      acl foo src ...

Are the below right ACLs?
acl foo src 10.100.10.3, 10.100.10.6, 10.100.10.15-10.100.10.27
acl fop src 10.100.10.7, 10.100.10.28-10.100.10.100


Without the commas that would be two valid src ACL definitions for some IPs and ranges.

I don't know any details about how your network is designed to say whether they are right.

      # " ... and allowing them access first ..."
      http_access allow foo

If I am to use authentication with NCSA user file (ncsa_access) so that
foo log-in but access internet freely throughout the day and week while
fop log-in though restricted on accessed URLs ACL (nowww) and controlled
downloads ACL (nodwnld) within time limits of whrs1 and whrs2, how do I
set that up?

Um. It's time you learn about Squid ACL, how they work and how to create them to a policy.

References:
 http://wiki.squid-cach.eorg/SquidFaq
 http://www.squid-cache.org/Doc/config/acl/
 http://www.squid-cache.org/Doc/config/http_access/
 http://www.squid-cache.org/Doc/config/auth_param/


Start by taking that big paragraph above and breaking it down into a series of policy rules. Write those rules in order from most important to least important.

> If I am to use authentication with NCSA user file (ncsa_access) so that

... start with the authentication settings that use NCSA to check that file and an ACL definition that checks users login.


> foo log-in but access internet freely throughout the day and week while

Does that mean foo are always logged in with no other restrictions during your times?
Or that they are not even asked to login at certain times?

As you can imagine very different things, with different config.


> fop log-in though restricted on accessed URLs ACL (nowww) and controlled
> downloads ACL (nodwnld) within time limits of whrs1 and whrs2,

... how would you break that up or change it to into statements of "X can happen" or "Y must not happen" ?


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.9
  Beta testers wanted for 3.2.0.2


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux