Re: [squid-users] access control issues

From: Dustin <deviousz@dont-contact.us>
Date: Thu, 5 Jan 2006 12:05:26 -0800

> You don't explain which group is supposed to do what. So I'll guess.
>

'Full_InetAllow' has full inet access, 'de_InetAllow' should be
limited to a few sites.

> This ACL is invalid (I wonder why Squid didn't complain). Either it's
>
> acl localnet proxy_auth REQUIRED
>
> or
>
> acl localnet src 10.100.3.0/24
>

It works though :)

> >
> > When I tried the following, squid would not start:
>
> Why not? Which errors occur?
>

Its not bombing out anymore, perhaps the server reboot changed that.

> > acl de_urls dstdomain .fedex.com .ups.com
> > acl de_InetAllow external win_domain_group Web_access_dataentry
> > http_access allow de_InetAllow de_urls
> > http_access deny all
>
> This would mean you allow access to the de_urls for members of the
> Web_access_dataentry group. Everyone else is denied access.

Yes, that is what I'd like to accomplish, limit the sites which this
group 'de_InetAllow' can access.

I just tried this but did not work either:

==
acl localnet proxy_auth REQUIRED
acl de_urls dstdomain .fedex.com .ups.com
acl de_InetAllow external win_domain_group Web_access_dataentry
http_access allow de_InetAllow de_urls
acl Full_InetAllow external win_domain_group Web_access_full
http_access allow Full_InetAllow
==

FYI, I am still able to go anywhere w/ a user in the 'Full_InetAllow' group.

Any ideas?

-Dustin
Received on Thu Jan 05 2006 - 13:05:27 MST

This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST