On 09/11/17 23:03, Simon Dcunha wrote:
Dear All, I have squid running with no issues for a long time and recently i have the below task. User access to internet is based on physical machine IP address acl so only user ips listed in the conf file have access to internet i need to allow access to only one site for some users and deny everything else. its a https site the site is https://mof-sc-site.custhelp.com/ the users whos ips are listed in below acl should access the above site only and nothing else. so i have a access list as follows ---------------------------------------------------- acl onesite src 172.16.52.23 172.16.6.121 acl allowed_site url_regex "/etc/squid/site" http_access allow onesite allowed_site http_access deny onesite ------------------------------------------------------ in /etc/squid/site i have ------------------ .mof* Now when I try to access the above site it says page cannot be displayed and in the squid access.log i see the below -------------- 1510224319.009 0 172.16.6.121 TCP_DENIED/403 4201 CONNECT mof-sc-site.custhelp.com:443 - HIER_NONE/- text/html but if I try to access http://www.mof.gov.kw the home page is displayed and works fine appreciate your advice and help
You are a) using the wrong tool [regex] for the job of matching a single *domain*, and b) using regex VERY VERY badly.
Your regex says any URL in existence that contains _any_ single character followed by 'm' then 'o' is a match for the ACL - thus is allowed to the "onesite" client(s). The 'f' being optional (the *) and at the end of the pattern means it does not matter at all for the matching and may as well not exist.
What you should be doing is using an ACL type that matches domain names and telling it the domain that you want to match:
acl allowed_site dstdomain mof-sc-site.custhelp.com The rest of your config snippet was correct for what you want to do. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
