Re: [SQU] Interesting Question

From: Thomas Adam <>
Date: Fri, 2 Mar 2001 12:57:32 -0800 (PST)

Ok, I believe I have a solution for you....

We have a similar situation here at our school,
although we do not use databases....

To give a brief description, one of your proxy servers
is dedicated to the lower school, and we have setup
squid so that the users can only go to webpages that
are listed in an ACL "gooddomains" but if they try to
go to another website, they are disallowed....ok??

I was given the task by our IT technician of finding a
way so that teachers could add a webpage link (URL)
into the ACL "gooddomains" so that the lowerschool
could access that site. (This was done by our IT
technician writing an ASP script for this) So, I wrote
a bash script that "loops4mail" and if it contains an
expression such as:

add gooddomains

that URL would be appended to the bottom of the ACL
"gooddomains" squid would reconfigure itself and the
site named above would then be allowed to be viewed.

Similarly, if you wanted that URL removing so that it
could no longer be accessed you would put:

remove gooddomains

The reason why @@@@ and %%%% are used for add and
remove respectfully is because I realised that I was
picking up www which was in the hostname, so I had to
come up with a prefix, otherwise I was finding that
the hostname of the proxy server was being added as an
ACL, and obviously the computer could not resolve to

If you would like a copy of my bash script "loop4mail"
let me know and I would be only too happy.

Ok, so in squid.conf, you will need to do the
following (I think,....this is only off the top of my

acl_src "/var/squid/gooddomains"

and then:

http_access allow all
http_access deny gooddomains

(You might need to ask someone about this... I have

Furthermore, if you have not already done so, you will
have to make sure that sendmail is configured
correctlyto get this script to work (thats if you
decide to use it :))

I believe that solves your problem...???

Thomas Adam

--- Henrik Nordstrom <> wrote: > So
go back to think about what the problem really
> is. Almost everything
> can be solved in this world (networking, web,
> proxies, ...), it is only
> a question about finding the correct approach.
> --
> Henrik Nordstrom
> Squid hacker
> Devin Teske wrote:
> >
> > I'm about to start cursing. I've come way to far
> to stop now. There HAS to
> > be a solution to this. You do know what the end
> product is right? Teachers
> > go online, somehow that add a link to a database.
> Students go online,
> > students can only go to those pages and nowhere
> else. This is the final
> > goal. I will never give up on this.
> >
> > Thanks,
> > Devin Teske
> >
> > >Devin Teske wrote:
> > > >
> > > > I was studying proxy servers and the protocols
> and something came to
> > >mind.
> > > > When the client requestsa page from the
> server, it will request a
> > >keep-alive
> > > > connection. After all the contents of the page
> have been loaded it will
> > > > close the connection.
> > >
> > >Many pages can be server using one connection,
> and all known browsers
> > >utlizes more than one connection to download the
> objects that makes up
> > >one page...
> > >
> > >
> > >--
> > >Henrik Nordstrom
> > >Squid hacker
> >
> > Get your FREE download of MSN Explorer at
> --
> To unsubscribe, see

Thomas Adam
Linux Co-ordinator for The Purbeck School

e-mail (school):
e-mail (yahoo) :

Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.

To unsubscribe, see
Received on Fri Mar 02 2001 - 14:02:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:28 MST