Search squid archive

Issue with access list / download

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi there,

I try to set up some rights but I failed :

I would like to set rights like this :

FULL_ACCESS  full acces ... no restriction
STD_PLUS         just limited download to 100 MB + some files are
blocked ( exe, doc, etc ...)
STD                    limited to download to 16 MB + some files are
blocked (exe, doc, etc ...)
NO_ACCESS      No internet

Could you please check  my access list and tell me what's wrong ?
Indeed users who is in STD group can download
unlimited and same thing with STD_PLUS group.
However, if comment these lines :

#reply_body_max_size 100 MB Internetplus
#http_access allow Internetplus

STD group is limited to 16 MB and STD_PLUS group as well.

Any help ?


------------------------------
---------------------------------------------------------------------------------------------------------------------------------------


auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Proxy Web LESIEUR
auth_param basic credentialsttl 4 hours
auth_param basic casesensitive off

external_acl_type ad_group %LOGIN /usr/lib/squid/wbinfo_group.pl

# -----------------------------------------------------------------------------
# DEFINITION DES ACCESS CONTROL LIST
# -----------------------------------------------------------------------------

acl asn_hosts src 10.68.10.0/23

acl whitelist dstdomain "/etc/squid/sites.whitelist.txt"
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 21
acl safe_ports port 161 # boitier eRemote
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistred ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8080
acl purge method PURGE
acl CONNECT method CONNECT
acl snmppublic snmp_community public
acl ftp proto 21
acl Internetlimite external ad_group STD
acl Internetplus external ad_group STD_PLUS
acl InternetFullAccess external ad_group FULL_ACCESS
acl InternetNok external ad_group NO_ACCESS
acl password proxy_auth REQUIRED

#---------------------------------------------------------------------------------
# LISTE DES AUTORISATTIONS
#---------------------------------------------------------------------------------

http_access deny InternetNok
http_access allow whitelist
http_access allow CONNECT whitelist
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost
http_access deny manager
http_access allow purge
http_access deny purge
http_access allow asn_hosts
http_access deny !password
http_access allow password
http_access allow InternetFullAccess
http_access deny blockfiles
reply_body_max_size 100 MB Internetplus
http_access allow Internetplus
reply_body_max_size 16 MB Internetlimite
http_access deny ftp !InternetfullAccess !Internetplus
http_access allow Internetlimite
http_access deny all

http_reply_access allow asn_hosts
http_reply_access deny all


--

Will


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux