[squid-users] Preventing ONE machine from getting to Internet

From: Brian Schonecker <brian.schonecker@dont-contact.us>
Date: Wed, 26 Jun 2002 11:37:55 -0400

I have a unix server that has an older version of Netscape on it.

The users on this server need Netscape in order to view the HTML help for
the CAD system they use. I do NOT want them to be about to browse to the
Internet because Netscape causes utilization to go very high.

I want to be able to give them access to everything INTERNAL but nothing
EXTERNAL. I thought this would be very simple but I've been working on it
for two days to no avail.

Atlantis is the name of the unix server....Xnet is the name of our internal
web server.

Shouldn't this work?

As a tangent, I have lots of computers on the shop floor that I need to do
the same thing. Too many guys surfing the internet and installing instant
messenger and the like. They do need, however to get to all of our internal
stuff.

acl all src 0.0.0.0/0.0.0.0
acl xtek src 192.168.202.152/255.255.0.0
acl atlantis src 192.168.202.60
acl xnet src 192.168.202.62

#http_access allow localhost
http_access deny atlantis !xnet << Deny everything except
192.168.202.62????
http_access deny atlantis

http_access allow xtek
http_access deny all

A copy of the cache.log:

2002/06/26 11:37:06| The request GET http://www.yahoo.com/ is DENIED,
because it matched 'xnet'
2002/06/26 11:37:10| The request GET http://xnet.xtek.com/ is DENIED,
because it matched 'xnet'
Received on Wed Jun 26 2002 - 09:37:58 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:49 MST