Re: Help needed: How to make an ACL that only works some times of from Benarson Behajaina on 1998-03-04 (squid-users)

From: Benarson Behajaina <Benarson.Behajaina@dont-contact.us>
Date: Wed, 4 Mar 1998 11:41:24 +0100 (MET)

Francis A. Vidal wrote:
>
> On Tue, 3 Mar 1998, Benarson Behajaina Rodriguez wrote:
>
> > deny_info http://yourweb.server.foo/message.html WorkingHours
>
> does the deny_info tag need the following?
>
> deny_info [URL of message file] [another ACL]
Yes.

e.g:

deny_info http://home.swh.sk/info/limitedweek.html Week
deny_info http://home.swh.sk/info/srcdomain.html Kaya xdomain

acl Kaya src xxx.xxx.xxx.xxx/32

acl Week time MTWHF 08:00-16:30
acl xdomain dstdomain xxx.com
acl FORUM url_regex www\.forum\.sk
acl SEX url_regex ^[a-z]*://.*(\.sex|porno|erotic|nude).*/
acl CENSORED url_regex "/www/squid/etc/censored.cf"

http_access deny xdomain
http_access deny FORUM kaya
http_access deny CENSORED Week
http_access deny SEX Week

So this works for me.

> can you please elaborate more on this tag? i've been reading squid docs
> and i haven't found anything about this.
>
> > acl WorkingHours time MTWHF 08:00-16:00
> > acl GAME urlpath_regex game
> > http_access deny GAME WorkingHours
>
> how do i deny use of the cache *after* working hours?
>
> acl clients src "/usr/local/squid/etc/clients"
> acl peers src "/usr/local/squid/etc/peers"
> acl sites-denied dstdomain "/usr/local/squid/etc/sites-denied"
> acl workhours time MTWHF 07:30-18:30
>
> http_access allow clients workhours !sites-denied
> http_access deny all

> icp_access allow peers
> icp_access deny all

Since you used 'http_access deny all' then your PEERS won't be
able to access your cache proxy.

> this would mean that clients won't have access to the cache after
> workhours but "ICP peers" would still have access after workhours -- is
> this correct?
This is correct, but you forgot to allow access for you peers,
so put there:

http_access allow peers
http_access allow clients workhours !sites-denied

-- 
--------------------------------------------------
 Benarson Rodriguez Behajaina 
 Unix System Administrator   
 email :  benarson@swh.sk   
 phone :  +421 7 538 4921  
 fax   :  +421 7 538 5403 
--------------------------------------------------

Received on Wed Mar 04 1998 - 03:22:12 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:09 MST