[squid-users] HTTP access only for certain times of the day

From: Michael Fuller / Hotmail <fullerms@dont-contact.us>
Date: Tue, 12 Nov 2002 15:44:03 +0530

Hi all,

I am trying to implement squid_ldap_group in our network. I want to
construct an acl which will permit a group of users to browse ONLY during
12:30 to 14:00 hrs, Monday to Saturday. However, these users are being
denied access at all times. The relevant lines from squid.conf are pasted
below, along with the logs for the ACL.

---------------------squid.conf---------------------

external_acl_type ldapgroup %LOGIN /usr/local/squid/libexec/squid_ldap_group -b "O=Southern Railway" -f "(&(cn=%a)(member=cn=%v,O=Southern Railway)(objectClass=groupOfNames))" -h 10.5.2.191

acl authenticate proxy_auth REQUIRED
acl ldap_browse external ldapgroup browsers
acl ldap_notbrowse external ldapgroup notbrowsers
acl ldap_lunchbrowse external ldapgroup lunchbrowsers
acl permit_intranet dst 10.0.0.0/8
acl permit_lunchtime time MTWHFA 12:30-14:00

deny_info ERR_LUNCH_TIME ldap_lunchbrowse

acl no_porn_domain url_regex "/usr/local/squid/blacklists/porn/domains"
deny_info ERR_NO_PORN no_porn_domain

acl no_warez_domain url_regex "/usr/local/squid/blacklists/warez/domains"
deny_info ERR_NO_PORN no_warez_domain

acl no_ad_domain url_regex "/usr/local/squid/blacklists/ads/domains"

http_access allow permit_intranet
http_access deny no_porn_domain
http_access deny no_warez_domain
http_access deny no_ad_domain

http_access allow ldap_lunchbrowse permit_lunchtime
http_access allow ldap_browse

http_access deny ldap_notbrowse
http_access deny all

------------------ACL log-------------------

2002/11/12 07:30:39| The request GET http://www.novell.com/ is DENIED, because it matched 'ldap_lunchbrowse'
2002/11/12 07:30:39| The reply for GET http://www.novell.com/ is ALLOWED, because it matched 'all'
2002/11/12 07:30:45| The request GET http://www.novell.com/ is DENIED, because it matched 'ldap_lunchbrowse'
2002/11/12 07:30:45| The reply for GET http://www.novell.com/ is ALLOWED, because it matched 'all'

Can somebody point out where I am going wrong?

Thanks and regards,
Michael Fuller
Received on Tue Nov 12 2002 - 03:33:11 MST
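
Added example, not part of the original post and not Squid's own code: a small Python model of the http_access lines above (each line matches only when all of its ACLs match, and the first matching line decides), showing which line decides for a member of lunchbrowsers at a given proxy clock time. Assumptions: group membership is passed in rather than looked up through squid_ldap_group, authentication is not modelled, the blacklist files (not on the page) are treated as non-matching, and 192.0.2.10 is a constructed external address.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

SQUID_DAYS = "MTWHFAS"  # Squid day letters indexed by datetime.weekday(): H=Thu, A=Sat, S=Sun

def time_acl(days, window):
    """Build a matcher for a Squid 'time' ACL such as: MTWHFA 12:30-14:00."""
    start, stop = (int(h) * 60 + int(m) for h, m in (p.split(":") for p in window.split("-")))
    def match(req):
        now = req["now"]  # Squid compares against the proxy host's local clock
        return SQUID_DAYS[now.weekday()] in days and start <= now.hour * 60 + now.minute <= stop
    return match

def in_group(name):
    # Stand-in for the squid_ldap_group lookup: membership is supplied by the caller.
    return lambda req: name in req["groups"]

def no_match(req):
    return False  # blacklist files are not on the page; treated as non-matching

ACLS = {
    "permit_intranet": lambda req: ip_address(req["dst_ip"]) in ip_network("10.0.0.0/8"),
    "permit_lunchtime": time_acl("MTWHFA", "12:30-14:00"),
    "ldap_browse": in_group("browsers"),
    "ldap_notbrowse": in_group("notbrowsers"),
    "ldap_lunchbrowse": in_group("lunchbrowsers"),
    "no_porn_domain": no_match, "no_warez_domain": no_match, "no_ad_domain": no_match,
    "all": lambda req: True,
}

# The http_access lines in the order posted.
RULES = """allow permit_intranet
deny no_porn_domain
deny no_warez_domain
deny no_ad_domain
allow ldap_lunchbrowse permit_lunchtime
allow ldap_browse
deny ldap_notbrowse
deny all"""

def decide(req):
    """First line whose ACLs all match decides; returns (action, deciding line)."""
    for line in RULES.splitlines():
        action, *names = line.split()
        if all(ACLS[n](req) for n in names):
            return action, "http_access " + line
    raise AssertionError("unreachable: the list ends with 'deny all'")

def lunch_user(when, dst_ip="192.0.2.10"):  # constructed external address
    return decide({"groups": {"lunchbrowsers"}, "dst_ip": dst_ip, "now": when})

if __name__ == "__main__":
    for when in (datetime(2002, 11, 12, 7, 30, 39), datetime(2002, 11, 12, 13, 0), datetime(2002, 11, 17, 13, 0)):
        print(when, *lunch_user(when))
```

The first sample time is the clock value shown in the posted log; the model reports the deciding http_access line, which is not the same field as the ACL name Squid prints after "because it matched".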

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:17 MST