Re: https access only for few users

On 09/11/17 23:03, Simon Dcunha wrote:

Dear All,

I have Squid running with no issues for a long time and recently I have the below task.
User access to the internet is based on a physical machine IP address ACL, so only user IPs listed in the conf file have access to the internet.

I need to allow access to only one site for some users and deny everything else. It's an HTTPS site.
the site is https://mof-sc-site.custhelp.com/

The users whose IPs are listed in the below ACL should access the above site only and nothing else.

So I have an access list as follows:

----------------------------------------------------
acl onesite src 172.16.52.23 172.16.6.121
acl allowed_site url_regex "/etc/squid/site"
http_access allow onesite allowed_site
http_access deny onesite
------------------------------------------------------

In /etc/squid/site I have:
------------------
.mof*

Now when I try to access the above site it says page cannot be displayed, and in the Squid access.log I see the below:
--------------
1510224319.009      0 172.16.6.121 TCP_DENIED/403 4201 CONNECT mof-sc-site.custhelp.com:443 - HIER_NONE/- text/html


But if I try to access http://www.mof.gov.kw the home page is displayed and works fine.

Appreciate your advice and help.


You are a) using the wrong tool [regex] for the job of matching a single *domain*, and b) using regex VERY VERY badly.

Your regex says any URL in existence that contains _any_ single character followed by 'm' then 'o' is a match for the ACL - thus is allowed to the "onesite" client(s). The 'f' being optional (the *) and at the end of the pattern means it does not matter at all for the matching and may as well not exist.



What you should be doing is using an ACL type that matches domain names and telling it the domain that you want to match:

  acl allowed_site dstdomain mof-sc-site.custhelp.com

The rest of your config snippet was correct for what you want to do.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
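
Added example, not part of the original thread: a small Python model of the two ACL types discussed above, run over the URLs from the post plus one constructed unrelated URL, showing why `.mof*` denies the CONNECT request yet allows other sites. Assumptions: for CONNECT, `url_regex` is matched against `host:port`; Python's `re` stands in for Squid's regex engine; `dstdomain_match` is a simplified model of `dstdomain`; all function names are hypothetical.

```python
import re

# Requests as the proxy sees them. The first two come from the post; the
# third is a constructed, unrelated URL.
REQUESTS = [
    ("CONNECT", "mof-sc-site.custhelp.com:443"),
    ("GET", "http://www.mof.gov.kw/"),
    ("GET", "http://example.com/demo"),
]

def url_regex_match(pattern, url):
    """Model of url_regex: unanchored, case-sensitive search over the URL."""
    return re.search(pattern, url) is not None

def host_of(url):
    """Host part of an absolute URL or of a CONNECT host:port target."""
    authority = url.split("://", 1)[-1].split("/", 1)[0]
    return authority.rsplit(":", 1)[0].lower()

def dstdomain_match(entry, url):
    """Simplified dstdomain: exact host, or host and subdomains for '.name'."""
    host, entry = host_of(url), entry.lower()
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

def evaluate(matcher, value):
    """Apply 'allow onesite allowed_site' then 'deny onesite' to each request."""
    return {url: ("ALLOW" if matcher(value, url) else "DENY")
            for _method, url in REQUESTS}

if __name__ == "__main__":
    cases = [("url_regex .mof*", url_regex_match, r".mof*"),
             ("dstdomain mof-sc-site.custhelp.com", dstdomain_match,
              "mof-sc-site.custhelp.com")]
    for label, matcher, value in cases:
        print(label)
        for url, verdict in evaluate(matcher, value).items():
            print(f"  {verdict:5} {url}")
```

In the CONNECT target the only "mo" sits at the very start of the string, so the leading `.` has no character to consume and the regex fails, while `.mo` is found in `www.mof.gov.kw` and in `/demo`.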