
Re: ACLs Implementation help

yay! :)

On 11/11/10 23:39, Edmonds Namasenda wrote:
Much appreciated for the previous help.
Some more clarification on the in-line requests below.
On Wed, Nov 10, 2010 at 2:38 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:

On 09/11/10 20:25, Edmonds Namasenda wrote:

Dear all.
Using openSuse 11.2 and Squid 3.0 Stable 18

Besides commenting out anything to do with 'localnet', below is all that
I added or edited on squid.conf

# Authentication Program
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd

# Start ACLs (bottom of ACL section defaults)
acl passt proxy_auth REQUIRED        # Authentication file to be used "passt"
acl net_ed src 10.100.10.0/24 192.168.7.0/24 10.208.6.0/24        # My networks
acl dove src 10.100.10.248-10.100.10.255        # Unrestricted Internet access I.P range
acl whrs1 time MTWHF 9:00-12:59        # Morning work shift
acl whrs2 time MTWHF 13:00-16:59        # Afternoon work shift

meant to be ...
acl whrs2 time MTWHF 14:00-16:59

acl nowww dstdomain "/etc/squid/noWWW"        # Inaccessible URLs file path
acl nodwnld urlpath_regex "/etc/squid/noDWNLD"        # Unavailable downloads file path

# End ACLs

# Start http_access Edits (top of http_access section defaults)
http_access allow dove        # Internet access without authentication, denied URLs or download restrictions
http_access deny nowww whrs1 whrs2        # Deny URLs during work shifts

Um, this means that when the clock says simultaneously that it is both morning AND afternoon...

... to deny with an OR combine the time periods into one ACL name or split the http_access into two lines.

http_access deny nowww whrs1
http_access deny nodwnld whrs1
http_access deny nowww whrs2
http_access deny nodwnld whrs2
... works great so far as tested.

Amos

How do I enforce password authentication ONLY ONCE for users to

What do you mean by "ONLY ONCE"? A user can be authenticated or not, there is no multiple about it.

internet access using file "passt"?
http_access allow passt net_ed  ?!

With the above Squid will pull the auth details sent by the browser out of the request. If there are none it will skip the access line.

You place the ACL of type proxy_auth (in this case "passt") last on the line to make Squid request credentials from the browser.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.9
  Beta testers wanted for 3.2.0.3
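
The AND/OR rule from the reply above, as an added example that is not part of the original thread and not Squid's own code: a small Python model of http_access evaluation in which ACL names on one line are ANDed, values under one ACL name are ORed, and the first matching line wins. The domain `.example.com`, the combined ACL name `whrs` and the sample timestamps are constructed for illustration; the afternoon shift uses the corrected 14:00-16:59 range.

```python
from datetime import datetime

DAYS = "MTWHFAS"  # Squid day letters in datetime.weekday() order (Monday=0)

def parse(conf):
    """Collect 'acl NAME TYPE VALUES...' and 'http_access ACTION NAMES...' lines."""
    acls, rules = {}, []
    for tok in (line.split() for line in conf.splitlines()):
        if tok[:1] == ["acl"]:
            # Repeating an ACL name adds another value to it (values are ORed).
            acls.setdefault(tok[1], []).append((tok[2], tok[3:]))
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def acl_matches(values, when, host):
    """True if ANY value of the ACL matches (OR within one ACL name)."""
    for kind, args in values:
        if kind == "time":
            start, end = args[1].split("-")
            now = when.hour * 60 + when.minute
            if DAYS[when.weekday()] in args[0] and minutes(start) <= now <= minutes(end):
                return True
        elif kind == "dstdomain":
            if any(host == d.lstrip(".") or (d.startswith(".") and host.endswith(d)) for d in args):
                return True
    return False

def evaluate(conf, when, host):
    """Return the action of the first http_access line whose ACLs ALL match."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], when, host) for n in names):
            return action
    return None  # no line matched; Squid's default action is not modelled here

# Constructed sample config and timestamps (10 Nov 2010 was a Wednesday).
ACLS = ("acl nowww dstdomain .example.com\n"
        "acl whrs1 time MTWHF 9:00-12:59\nacl whrs2 time MTWHF 14:00-16:59\n"
        "acl whrs time MTWHF 9:00-12:59\nacl whrs time MTWHF 14:00-16:59\n")
AND_LINE = ACLS + "http_access deny nowww whrs1 whrs2\n"   # can never match
SPLIT = ACLS + "http_access deny nowww whrs1\nhttp_access deny nowww whrs2\n"
COMBINED = ACLS + "http_access deny nowww whrs\n"
WED_AM, WED_GAP, WED_PM, SAT_AM = (datetime(2010, 11, d, h, m) for d, h, m in
                                   [(10, 10, 0), (10, 13, 30), (10, 15, 0), (13, 10, 0)])
```
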

