Re: [SQU] access lists help

Okay, I thought you wanted to restrict the sites they went to.

You can restrict by IP address or by using an authentication method.

TO restrict by IP, the machine will be blocked, not the user. Also, in a
dhcp environment, this kinda sucks.
for source IP blocking, create an ACL like:

acl DENIED_IP src 192.168.1.1 192.168.1.2
# you could also just create a file and put one IP per line#

I'm in a DHCP environment and we are solely using IE 5.01. Because of this,
I've chosen to implement NTLM support. NTLM is pass-through authentication,
and the userid, password, and domain are validated against a BDC of your
choice. Check past posts to this list for more info about NTLM support.

Craig

----- Original Message -----
From: "Xwindows User" <xwindowuser@discflo.com>
To: "Craig Fels" <csfels@swbell.net>
Cc: <squid-users@ircache.net>
Sent: Wednesday, December 06, 2000 1:05 PM
Subject: Re: [SQU] access lists help

> this does help some, but more specifically I want to deniy access to
> some people on our lan....but thanks, this does help ...larry
>
>
> Craig Fels wrote:
> >
> > >
> > > http_access allow discflo
> > > http_access deny deniedACL
> > > http_access deny all
> > >
> >
> > Want to deny access to some sites, and allow access to the rest of the
> > sites?
> >
> > Try this...
> >
> > acl denied_acl dst .denied.com .porn.com
> >
> > http_access deny denied_acl
> > http_access allow discflo
> > http_access deny all
> >
> > This means:
> > 1) whatever matches denied_acl will be denied FOR EVERYONE
> > 2) Whatever matches discflo will be allowed for all sites EXCEPT
denied_acl
> > sites
> > 3) Everyone besides matches to discflo will be denied for all sites.
> >
> > Hope this helps.
> >
> > Craig
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html