On 10/09/11 19:03, Kumar P wrote:
HI dear, I am Kumar, Here is my Squid configuration file. ( Squid v.3.0 ) I would like to give specific users access to specific web content, But through this configuration file, if I give permission for a specific user to access the tutorial, social networking is blocked but movie is accessible. Even if I grouped allow and deny separately and checked, the same problem continues; I can't grant access to the tutorial but still block access to movies.
Sure you can. Squid access controls are at heart a list of boolean statements. Which can describe any property of the request in any combination of any order.
You are just committing the newbies mistake of only using one property per decision. This is how the ACLs actually work:
http://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes
acl localnet src 10.1.1.0/24 acl special src "/etc/squid/special.txt" # All Access IPs acl unlimited src "/etc/squid/unlimited.txt" # Full Download access acl allow_proxy src "/etc/squid/allow_proxy.txt" # Allow Proxy sites acl allow_social src "/etc/squid/allow_social.txt" # Allow Social networking acl allow_tutorial src "/etc/squid/allow_tutorial.txt" # Allow Tutorial acl allow_movie src "/etc/squid/allow_movie.txt" # Allow Jobs acl allow_jobs src "/etc/squid/allow_jobs.txt" # Allow Movie #Allow / Block acl goodkey url_regex "/etc/squid/goodkey.txt" acl proxy url_regex "/etc/squid/proxy.txt" acl social url_regex "/etc/squid/social.txt" acl tutorial url_regex "/etc/squid/tutorial.txt" acl movie url_regex "/etc/squid/movie.txt" acl jobs url_regex "/etc/squid/jobs.txt" #Download Limit reply_body_max_size 3000 KB localnet !unlimited request_body_max_size 3000 KB localnet !unlimited #Allow http_access allow special http_access allow goodkey #Proxy http_access allow allow_proxy http_access deny proxy
Replace with: http_access allow allow_proxy proxy
#Social http_access allow allow_social http_access deny social
Replace with: http_access allow allow_social social
#Tutorial http_access allow allow_tutorial http_access deny tutorial
Replace with: http_access allow allow_tutorial tutorial
#Movie http_access allow allow_movie http_access deny movie
Replace with: http_access allow allow_movie movie
#Jobs http_access allow allow_jobs http_access deny jobs
Replace with: http_access allow allow_jobs jobs
#ACL Allow http_access allow localnet
Replace with: http_access allow localnet !tutorial !jobs !movie
#And finally deny all other access to this proxy http_access allow localhost
Maybe replace with: http_access allow localhost !tutorial !jobs !movie
http_access deny all
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.15 Beta testers wanted for 3.2.0.11
