Re: [squid-users] Need a bit help with my ACL

sorry, got your intra and internet mixed !:].
----- Original Message -----
From: "Henk-Jan Kloosterman" <proxy@mail.kloosterman.org>
To: <squid-users@squid-cache.org>
Sent: Tuesday, October 16, 2001 8:03 PM
Subject: Re: [squid-users] Need a bit help with my ACL

> But this still does not force the none intra-network users to
"authenticate"
>
> > > The internet users may ONLY access the "unblockedsites" with
> > authentication,
> > > <SNIP>
> > > acl rproxy dstdomain "/etc/squid/rproxy.txt"
> > > http_access allow rproxy
> > > # Allow everybody to access the domains in rproxy.txt
> > >
> > > acl intra-networks src 192.168.0.0/16 150.50.0.0/16 10.30.0.0/16
> > > 10.50.0.0/16 194.134.69.64/26 172.16.4.32/28
> > > http_access deny !intra-networks
> >

acl rproxy dstdomain "/etc/squid/rproxy.txt"
http_access allow rproxy
# Allow everybody to access the domains in rproxy.txt

acl intra-networks src 192.168.0.0/16 150.50.0.0/16 10.30.0.0/16
10.50.0.0/16 194.134.69.64/26 172.16.4.32/28
#http_access deny !intra-networks
## If you are not on the intranet it is finished here.
# the above cannot work because you wanted them to authenticate...

acl unblockedsites url_regex "/etc/squid/unblock.txt"
http_access allow intra-networks unblockedsites
# note the order: place cheap testing acls before expensive testing
acl's
#if you are on the intranet, you may access a limited list of servers.

acl secure_id proxy_auth REQUIRED

http_access allow unblockedsites secure_id
#allow authenticated users access to unblocked sites

http_access deny !secure_id
#force authentication for anything else
#note: if you want internet users to only get to rproxy and unblocked
(with auth), insert http_access deny !intra-networks before the deny
!secure_id

Rob
Received on Tue Oct 16 2001 - 04:12:08 MDT