Re: [squid-users] Restricting certain users to certain urls

  Dear friends,

    I have successfully created the acls to restrict users to certain
urls. But there seems to be a problem whenever the urls contain a "/"
symbol in it. All the sites that has a "/" in it are denied eventhough I
had listed it as allowed sites. Some of the examples are as follows:

_https://metoc.npmoc.navy.mil/jtwc.html
http://www.wline.co.jp/
http://www.coi.gov.cn/
_

_
_

Other sites such as google.com, yahoo.com works well. Before when I
tried with squidguard, the same problem occured, anyone knows what is
the problem and if can be resolved? Also is it possible to redirect all
the blocked sites to a certain url?

Really thankful for helping, thanks a lot.

Yong

_
_

_
_

>-----Original Message-----
>> From: Yong Bong Fong [mailto:bfyong@shinyang.com.my]
>> Sent: Tuesday, September 13, 2005 5:02 PM
>> To: squid-users@squid-cache.org
>> Subject: Re: [squid-users] Restricting certain users to certain urls
>>
>>
>> Hi Christoph,
>>
>> I got problem again. Squidguard acl was problematic it
>> didn't work
>> quite well. Now I am trying on Squid acl to restrict certain users to
>> certain urls. I also have ldap authentication for my squid. Following
>> are my acls:
>>
>> acl abc ident andy
>> acl blocksites dstdomain .google.com
>>
>> http_access deny abc blocksites
>> http_access allow ldap_group-www
>
>
>
>Change these lines to...
>
>acl abc proxy_auth andy
>acl allowsites dstdomain .google.com
>
>http_access allow abc allowsites # Allow andy to surf google
>http_access deny abc # Prevent andy from surfing elsewhere
>http_access allow ldap_group-www # Allow ldap_group-www to surf
>
>
>
>>>
>>> What I am trying to achieve is to only allow Andy (who is
>>> grouped in abc
>>> above) to access google.com only. Other sites are blocked for him. I
>>> tried it but it didn't work quite well, it does block
>>> google.com but not
>>> just for andy, it blocks all other users too.
>>> Apparently the problem must be something to do with the "acl
>>> abc ident
>>> andy". When I retsarted squid the first time after changing the
>>> configuration, its fine. But second time the following
>>> message came out:
>>>
>>> # service squid restart
>>> Stopping squid: 2005/09/14 08:48:49| squid.conf line 1791:
>>> acl abc ident
>>> bfyong
>>> 2005/09/14 08:48:49| aclParseAclLine: Invalid ACL type 'ident'
>>> 2005/09/14 08:48:49| squid.conf line 1821: http_access allow
>>> abc blocksites
>>> 2005/09/14 08:48:49| aclParseAccessLine: ACL name 'abc' not found.
>>>
>>> Any idea what is wrong? seems like it is not checking the username
>>> thingi to do the acl.....
>>> please help me to identify my problem..thanks a lot for
>>> taking time helping.
>>> thanks a lot...
>>>
>>>
>>
>>
>
>You are not using ident to gather usernames (instead it looks like you are using a basic authenticator) so you need to use proxy_auth acls.
>
>Chris
>
>
>
Received on Wed Sep 14 2005 - 19:53:31 MDT