Re: [squid-users] acls, the universe and everything.

From: Robert Collins <robert.collins@dont-contact.us>
Date: 29 Aug 2001 12:41:14 +1000

On 29 Aug 2001 12:43:37 +1000, Peter Wood wrote:
> Hi all,
>
> We are a medium sized secondary school running Linux 7 and Squid 2.4.
> It's working really well and we're starting to push the limits of our
> knowledge again.
> What we want to do is have machines with certain IP addresses (student
> machines) to be restricted but leave other IPs (staff machines)
> unrestricted. So far we have the restrictions working nicely for every IP
> like this:
>
> acl BLOCK url_regex -i "/etc/squid/block.acl"
> acl UNBLOCK url_regex -i "/etc/squid/unblock.acl"
> http_access deny BLOCK !UNBLOCK
>
> This block the sites we choose for all IPs.
>
> To unrestrict IPs from xx.xx.xx.0 to xx.xx.xx.40 we tried this:
>
> acl BLOCK url_regex -i "/etc/squid/block.acl"
> acl UNBLOCK url_regex -i "/etc/squid/unblock.acl"
> acl downloadhosts src xx.xx.xx.0/xx.xx.xx.40
> http_access deny BLOCK !UNBLOCK !downloadhosts

xxx.xxx.xxx.0/xxx.xxx.xxx.40 isn't valid IIRC. What you want is
xxx.xxx.xxx.0-xxx.xxx.xxx.40

And then the above or below http_access lines should work.
Rob

> and, yes, it didn't work. Then we tried
>
> http_access allow downloadhosts
> http_access deny BLOCK !UNBLOCK
> http_access allow all
>
> and, yes, it didn't seem to work again... :-)
>
> Do any of you creative "acl hacksmiths" have a suggestions?
> While you're at it, how do I work time acls into the equation.
>
> eg: ...also block students during certain times of the day as
> well as the above criteria?
>
> Any help greatfully accepted.
>
> regards,
>
> Peter.
>
>

-- 
_____________________________
Robert Collins
CEO
IT Domain Pty Limited
Your Application Solution Partner
02 9476 4223   Mobile: 0414 693 367
www.itdomain.com.au
_____________________________
 
Received on Tue Aug 28 2001 - 20:54:29 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:56 MST