Re: access control via external program?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 11 Dec 1998 01:16:52 +0100

Matthew Kirkwood wrote:

> The user/site thing is OK, but I haven't yet found
> any way to implement the time bit.

acl aclname time [day-abbrevs] [h1:m1-h2:m2]

You can specify time down to a specific minute in the week which
should be more than most people need.

> It's also quite likely the the requirements will change
> over time, so I thought using an external program to control
> allow/deny might be the way forward

If you put most of the access lists in external files then I
have a patch that allows you to selectively reload acls
using the cache manager interface so you don't have to restart
Squid each time you change a acl list.

See http://hem.passagen.se/hno/squid/

Also remember that you can combine all the different ACL types. The
logic is AND of the acls listen on a access line and shortcut OR between
access lines. First matching access line terminates the search.

http_access allow acl1 acl2 acl3
http_access deny acl4 acl5
http_access allow acl6 acl7

is

allow if acl1 AND acl2 AND acl3
OR
deny if acl4 AND acl5
OR
allow if acl6 AND acl7
OR
deny

---
Henrik Nordstrom
Spare time Squid hacker
Received on Thu Dec 10 1998 - 17:23:19 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:36 MST