Search squid archive

ACLs Implementation help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Much appreciated for the previous help.
Some more clarification on the in-line requests below.
On Wed, Nov 10, 2010 at 2:38 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>
> On 09/11/10 20:25, Edmonds Namasenda wrote:
>>
>> Dear all.
>> Using openSuse 11.2 and Squid 3.0 Stable 18
>>
>> Besides commenting out anything to do with 'localnet', below is all that
>> I added or edited on squid.conf
>>
>> # Authentication Program
>> auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
>>
>> # Start ACLs (bottom of ACL section defaults)
>> acl passt proxy_auth REQUIRED Â Â Â Â# Authentication file to be used
>> "passt"
>> acl net_ed src 10.100.10.0/24 <http://10.100.10.0/24> 192.168.7.0/24
>> <http://192.168.7.0/24> 10.208.6.0/24 <http://10.208.6.0/24> Â Â Â Â# My
>> networks
>> acl dove src 10.100.10.248-10.100.10.255 Â Â Â Â# Unrestricted Internet
>> access I.P range
>> acl whrs1 time MTWHF 9:00-12:59 Â Â Â Â# Morning work shift
>> acl whrs2 time MTWHF 13:00-16:59 Â Â Â Â# Afternoon work shift

meant to be ...
acl whrs2 time MTWHF 14:00-16:59

>> acl nowww dstdomain "/etc/squid/noWWW" Â Â Â Â# Inaccessible URLs file path
>> acl nodwnld urlpath_regex "/etc/squid/noDWNLD" Â Â Â Â# Unavailable
>> downloads file path
>>
>> # End ACLs
>>
>> # Start http_access Edits (top of http_access section defaults)
>> http_access allow dove    Â# Internet access without authentication,
>> denied URLs or download restrictions
>> http_access deny nowww whrs1 whrs2 Â Â Â Â# Deny URLs during work shifts
>
> Um, this means that when the clock says simultaneously that it is both morning AND afternoon...
>
> ... to deny with an OR combine the time periods into one ACL name or split the http_access into two lines.

http_access deny nowww whrs1
http_access deny nodwnld whrs1
http_access deny nowww whrs2
http_access deny nodwnld whrs2
... works great so far as tested.

> Amos

How do I enforce password authentication ONLY ONCE for users to
internet access using file "passt"?
http_access allow passt net_ed ?!


--
Thank you and kind regards,

I.P.N Edmonds

Cel:Â Â +256 70 227 3374
ÂÂÂÂÂ Â ÂÂ +256 71 227 3374

Y! / MSN: zibiced | GMail: namasenda | Skype: edsend



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux