RE: [squid-users] How to configure squid for denying users tododownload process for specified time range?

From: Winanjaya <winanjaya@dont-contact.us>
Date: Fri, 23 May 2003 14:52:38 +0700

Sorry, I am not sure that I understand what you mean exactly? I followed the
code you suggested but the same problem still occurs ( some peoples still
can do download process, what I need is some peoples can browse to the
internet but they are not allowed to download files from the internet) ..

Good luck

Regards
Winan

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Friday, May 23, 2003 2:41 PM
To: winanjaya@lippogeneral.com
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] How to configure squid for denying users
tododownload process for specified time range?

Did you correct the small typo?
(see the output of squid -k parse)

Regards
Henrik

On Friday 23 May 2003 04.53, Winanjaya wrote:
> Hello Henrik,
> I have followed the codes you suggested ..but the same problem
> still occurs (I mean .. nodownload still can do download process,
> what I need is nodownload is contained the IP addresses who can
> browse to the internet but they are not allowed to download files
> from the internet) ..
>
> acl download urlpath_regex -i \.zip$
> acl office_hours time 09:00-17:00
> acl GET method GET
>
> acl itperson src 192.168.1.88 192.168.1.89
> acl nodownload src 192.168.1.10 192.168.1.11
>
> http_access deny nodownload GET office_hour
> http_access allow nodownload
> http_access allow itperson
> http_access deny all.
>
> many thanks in advance
>
> Regards
> Winan
>
>
>
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Thursday, May 22, 2003 6:21 PM
> To: winanjaya@lippogeneral.com
> Cc: squid-users@squid-cache.org
> Subject: RE: [squid-users] How to configure squid for denying users
> tododownload process for specified time range?
>
> tor 2003-05-22 klockan 11.34 skrev Winanjaya:
> > http_access allow it_user1
> > http_access allow it_user2
> > http_access allow nodownload1
> > http_access allow nodownload2
> >
> > http_access deny GET office_hours nodownload1 nodownload2
> > http_access deny all
>
> There is two errors here:
>
> a) You have already allowed access in the lines above.. the order
> of you http_access rules is important. The first matching
> http_access line tells if the request is allowed or denied.
>
> b) nodownload1 and nodownload2 is conflicting. A single request
> cannot come both from src 192.168.1.10 and src 192.168.1.11.
>
> What you should do is to
>
> 1. Move the http_access deny line up before your allow lines.
>
> 2. Merge your nodownload* acls into one single nodownload acl
> including all the ip addresses. You should probably also do the
> same with the it_user* acls..
>
>
> Which gives a configuration looking something like this:
>
>
> acl download urlpath_regex -i \.exe$
> acl office_hours time 09:00-17:00
> acl GET method GET
>
> acl it_user src 192.168.1.88 192.168.1.89
>
> acl nodownload src 192.168.1.10 192.168.1.11
>
>
> http_access deny nodownload GET office_hour
> http_access allow nodownload
>
> http_access allow it_user
>
> http_access deny all.
>
>
> Note: You may split the acl definitions on multiple lines if you
> prefer.
>
> acl nodownload src 192.168.1.10
> acl nodownload src 192.168.1.11
>
> Or have the IP addresses in a separate file (one address per line)
>
> acl nodownload src "/path/to/nodownload.txt"
>
> Regards
> Henrik

--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
----------------------------------------- (on viruswall.lippogeneral.com)
Powered by Interscan VirusWall
---------------------------------------------------------
Received on Fri May 23 2003 - 01:56:01 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:54 MST