Hi there, I try to set up some rights but I failed : I would like to set rights like this : FULL_ACCESS full acces ... no restriction STD_PLUS just limited download to 100 MB + some files are blocked ( exe, doc, etc ...) STD limited to download to 16 MB + some files are blocked (exe, doc, etc ...) NO_ACCESS No internet Could you please check my access list and tell me what's wrong ? Indeed users who is in STD group can download unlimited and same thing with STD_PLUS group. However, if comment these lines : #reply_body_max_size 100 MB Internetplus #http_access allow Internetplus STD group is limited to 16 MB and STD_PLUS group as well. Any help ? ------------------------------ --------------------------------------------------------------------------------------------------------------------------------------- auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Proxy Web LESIEUR auth_param basic credentialsttl 4 hours auth_param basic casesensitive off external_acl_type ad_group %LOGIN /usr/lib/squid/wbinfo_group.pl # ----------------------------------------------------------------------------- # DEFINITION DES ACCESS CONTROL LIST # ----------------------------------------------------------------------------- acl asn_hosts src 10.68.10.0/23 acl whitelist dstdomain "/etc/squid/sites.whitelist.txt" acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl" acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 21 acl safe_ports port 161 # boitier eRemote acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistred ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 8080 acl purge method PURGE acl CONNECT method CONNECT acl snmppublic snmp_community public acl ftp proto 21 acl Internetlimite external ad_group STD acl Internetplus external ad_group STD_PLUS acl InternetFullAccess external ad_group FULL_ACCESS acl InternetNok external ad_group NO_ACCESS acl password proxy_auth REQUIRED #--------------------------------------------------------------------------------- # LISTE DES AUTORISATTIONS #--------------------------------------------------------------------------------- http_access deny InternetNok http_access allow whitelist http_access allow CONNECT whitelist http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow manager localhost http_access deny manager http_access allow purge http_access deny purge http_access allow asn_hosts http_access deny !password http_access allow password http_access allow InternetFullAccess http_access deny blockfiles reply_body_max_size 100 MB Internetplus http_access allow Internetplus reply_body_max_size 16 MB Internetlimite http_access deny ftp !InternetfullAccess !Internetplus http_access allow Internetlimite http_access deny all http_reply_access allow asn_hosts http_reply_access deny all -- Will
