|
What i want if it's possible is :
Users can't access Internet, except during two periods each day i 'll define. During these two periods, they can access only a few sites i define in the file (basic url http or https per line) I have to know if it's possible with Squid ? or Squidguard ? Or not at all ? Thank you ! > From: Antony.Stone@xxxxxxxxxxxxxxxxxxxx > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Date: Thu, 12 Nov 2015 17:04:06 +0100 > Subject: Re: [squid-users] ACL and http_access > > On Thursday 12 November 2015 at 15:55:10, Magic Link wrote: > > > Hi, > > I want people don't have access to Internet, except one hour twice a day > > with only some urls.listed in a file.I use the ACL type "time" and > > "url_regex" but it doesn't work. > > Please elaborate on "it doesn't work". > > Do you mean people cannot access the Internet when they are supposed to be > able to? > > Do you mean they can access the Internet when they are not supposed to be able > to? > > Do you mean that can access sites which they are not supposed to access? > > What, specifically, does and does not work? > > > I think i don't do well with the order of http_access too. Is it possible > > with squid only to do what i want ? Here is my squid.conf : > > > acl network src 10.2.0.0/16 > > acl working_hours time MTWHF 09:30-10:30 > > acl out_working_hours MTWHF 17:30-18:30 > > acl whitelist url_regex "/etc/squid3/allow.acl" > > We need to see the contents (or at least, some examples) from that file. > > > acl SSL_ports port 443 > > acl Safe_ports port 80 # http > > acl Safe_ports port 21 # ftp > > acl Safe_ports port 443 # https > > acl Safe_ports port 70 # gopher > > acl Safe_ports port 210 # wais > > acl Safe_ports port 1025-65535 # unregistered ports > > acl Safe_ports port 280 # http-mgmt > > acl Safe_ports port 488 # gss-http > > acl Safe_ports port 591 # filemaker > > acl Safe_ports port 777 # multiling http > > acl CONNECT method CONNECT > > http_access deny !Safe_ports > > http_access deny CONNECT !SSL_ports > > http_access allow localhost manager > > http_access deny manager > > > http_access allow localhost > > http_access deny out_working_hours > > http_access allow working_hours whitelist > > http_access allow network > > http_access deny all > > So the above 5 directives will: > > 1. Allow access from the local machine (good). > > 2. Deny access from anywhere between M-F 17:30-18:30 - is that really what you > meant? You said you want to allow access for one hour twice a day, yet here > you are denying access during a one hour timeslot. > > 3. Allow access from anywhere M-F 09:30-10:30 to sites matching your regex > list. > > 4. Allow access from any address 10.2.0.0/16 - this looks bad > > 5. Deny anything else. > > > http_port 3128 > > coredump_dir /var/spool/squid3 > > refresh_pattern ^ftp: 1440 20% 10080 > > refresh_pattern ^gopher: 1440 0% 1440 > > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > > refresh_pattern . 0 20% 4320 > > debug_options 28,4 > > I would suggest (assuming your regex list is good) trying: > > http_access allow localhost > http_access allow network working_hours whitelist > http_access allow network out_working_hours whitelist > http_access deny all > > The above should allow access from 10.2.0.0/16 to the sites in your regex list > between the hours 09:30-10:30 and 17:30-18:30 M-F > > If that isn't what you wanted, please specify the requirement and we'll see if > we can help further. > > > > Antony. > > -- > +++ Divide By Cucumber Error. Please Reinstall Universe And Reboot +++ > > Please reply to the list; > please *don't* CC me. > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
