Re: [squid-users] Need a bit help with my ACL from Henrik Nordstrom on 2001-10-16 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 16 Oct 2001 12:15:22 +0200

The following should do:

# Allow everybody to access the domains in rproxy.txt
acl rproxy dstdomain "/etc/squid/rproxy.txt"
http_access allow rproxy

# Some ACL groups for users and destinations
acl intra-networks src 192.168.0.0/16 150.50.0.0/16 10.30.0.0/16
10.50.0.0/16 194.134.69.64/26 172.16.4.32/28
acl unblockedsites url_regex "/etc/squid/unblock.txt"
acl secure_id proxy_auth REQUIRED

# Allow intranet to access unblockedsites freely
http_access allow unblockedsites intra-networks

# Allow everyone to access unblockedsites if they log in
http_access allow unblockedsites secure_id

# Allow intranet to access anything if they log in
http_access allow intra-networks secure_id

# Deny everything else
http_acecss deny all

Regards
Henrik Nordström
Squid Hacker
MARA Systems AB, Sweden

>
> http_access allow secure_id
>
> Everybody els must use
>
> #
> # And finally deny all other access to this proxy
> http_access deny all

Henk-Jan Kloosterman wrote:
>
> I have a so could "writers block" (squid acl) (I hope I am clear... sorry
> for the bad descreption)
>
> I want my intranet users to be free to access the acl unblockedsites, (this
> works)
> but the "internet users" need to authenticate. (This is the tricky bit)
>
> The internet users may ONLY access the "unblockedsites" with authentication,
> and the rproxy list WITHOUT authentication.
>
> I have the following ACL set up:
>
> <SNIP>
> acl rproxy dstdomain "/etc/squid/rproxy.txt"
> http_access allow rproxy
> # Allow everybody to access the domains in rproxy.txt
>
> acl intra-networks src 192.168.0.0/16 150.50.0.0/16 10.30.0.0/16
> 10.50.0.0/16 194.134.69.64/26 172.16.4.32/28
> http_access deny !intra-networks
> # If you are not on the intranet it is finished here.
>
> acl unblockedsites url_regex "/etc/squid/unblock.txt"
> http_access allow unblockedsites intra-networks
> #if you are on the intranet, you may access a limited list of servers.
>
> acl secure_id proxy_auth REQUIRED
> http_access allow secure_id
>
> Everybody els must use
>
> #
> # And finally deny all other access to this proxy
> http_access deny all
>
> <SNIP>
>
> I only mis the bit for the "internet users" to access the unblocked sites
> with authentication.....
Received on Tue Oct 16 2001 - 04:14:27 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:45 MST