[squid-users] problem with ACL.

From: Jagdish Rao <jagdish_at_accord-soft.com>
Date: Tue, 28 Apr 2009 11:07:22 +0530

Hi,

I have configured my Squid to work only for some time for one group of
users. I find that this is not being effective. Below is the squid conf file:

############# SQUID DEFAULTS ############
http_port 8000
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_log /var/log/squid/cache.log
debug_options ALL,1 33,2
debug_options ALL,1

############ AUTHENTICATIONS ###########
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/data/valid-users
auth_param basic children 5
auth_param basic realm Accord-Soft Proxy-caching Web Server
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off

request_body_max_size 50 KB
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

########### ACCESS CONTROLS ###########

#### Format for Access Controls ####
## <acl username proxy_auth user id>
## <acl usertime time 9:00 - 14:00>
## <acl userurl url_regex website>
## <http_access allow username usertime userurl>

acl password proxy_auth REQUIRED

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl CONNECT method CONNECT

########## USER DEFINED ACLS ###########

## Authenticating Users #######
acl sunayna.j proxy_auth sunayna.j
acl vikramsingh proxy_auth vikram.singh

#### ACL TIMINGS #######
acl MorningTime time 08:00-09:00
acl EveningTime time 18:00-19:00
acl AfternoonTime time 13:00-15:00
acl OfficeTime time 09:00-18:00
acl SplMorningTime time 09:00-13:00
acl PrelunchTime1 time 11:00-12:00
acl PrelunchTime time 12:00-13:00

### Some more ACL's to Allow and Block the Sites ###
acl PornSites url_regex "/etc/squid/data/blocked-sites"
acl PornSites url_regex "/etc/squid/data/blocked-bad-words"
acl exceptions url_regex "/etc/squid/data/exceptions"
acl exceptions url_regex "/etc/squid/data/winupdates"
http_access allow exceptions
http_access deny PornSites
deny_info ERR_PORN_DENIED PornSites

acl FTPMP3 url_regex -i ^ftp://.*\.mp3$
http_access deny FTPMP3
acl HTPMP3 url_regex -i ^http://.*\.mp3$
http_access deny HTPMP3

acl Download_Blocking url_regex -i \.(ADE|ADP|ASD|ASF|BAS|BAT|CMD|CPL|CRT|EML|HLP|HTA|INF|INS|ISP|LNK|MDB|MDE|MSC|MSG|MSI|MSP|MST|OCX|PCD|PIF|SCR|SCT|SH|SHB|SHS|SYS|VB|VBE|VBS|VCS|WMS|WMD|WMZ|WSC|WSF|WSH|PBL|TPL|mov|MOV|mp3|avi|AVI|wmv|WMV|wma|rar|RAR|CAB|cab)($|\?)

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny !password

### Access Goes Here #######
http_access allow vikasv PrelunchTime1
http_access allow vikramsingh PrelunchTime1
http_access allow sunayna.j PrelunchTime1

http_access deny all

cache_mgr netadmin_at_accord-soft.com
visible_hostname squid.accord-soft.com
coredump_dir /var/spool/squid
logfile_rotate 10
deny_info ERR_ACCESS_DENIED net-man

## End of Squid.conf file.

In this, the timing "PrelunchTime1" does not seem to work. This means
that a user with this config cannot access the Net before 11:00 AM, but he
can continue to browse even after 12:00 noon.

Where are we making mistakes?

Any help would be appreciated.

Thanks

Jagdish

                         

Received on Tue Apr 28 2009 - 05:37:44 MDT
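
An added example, not part of the original post and not Squid code: a small Python model of how Squid evaluates the http_access lines in the posted file (top to bottom, first matching line wins, every ACL on a line must match), for checking what the rules decide for a given user, URL and time. The URL patterns standing in for the files under /etc/squid/data/ are constructed, and the manager lines and the lines using ACLs the post does not define (vikasv, Safe_ports, SSL_ports) are left out.

```python
import re
from datetime import time

# Constructed stand-ins: the contents of the files under /etc/squid/data/ are not shown.
URL_ACLS = {
    "exceptions": [r"windowsupdate\.example"],
    "PornSites": [r"blocked\.example"],
    "FTPMP3": [r"(?i)^ftp://.*\.mp3$"],
    "HTPMP3": [r"(?i)^http://.*\.mp3$"],
}
USER_ACLS = {"vikramsingh": {"vikram.singh"}, "sunayna.j": {"sunayna.j"}}
TIME_ACLS = {"PrelunchTime1": "11:00-12:00"}

# http_access lines in file order, restricted to ACLs the posted file defines.
RULES = [
    ("allow", ["exceptions"]),
    ("deny", ["PornSites"]),
    ("deny", ["FTPMP3"]),
    ("deny", ["HTPMP3"]),
    ("allow", ["vikramsingh", "PrelunchTime1"]),
    ("allow", ["sunayna.j", "PrelunchTime1"]),
    ("deny", ["all"]),
]

def acl_matches(name, user, url, now):
    """Match one ACL; a missing user simply fails to match (Squid would send an auth challenge)."""
    if name == "all":
        return True
    if name in URL_ACLS:
        return any(re.search(p, url) for p in URL_ACLS[name])
    if name in USER_ACLS:
        return user in USER_ACLS[name]
    start, end = (time(*map(int, p.split(":"))) for p in TIME_ACLS[name].split("-"))
    return start <= now <= end

def decide(user, url, now):
    """Return (action, rule_number) of the first rule whose ACLs all match."""
    for number, (action, names) in enumerate(RULES, 1):
        if all(acl_matches(n, user, url, now) for n in names):
            return action, number
    raise RuntimeError("unreachable: 'deny all' matches every request")
```

In this model the only allow that ignores both the user and the clock is rule 1 (`http_access allow exceptions`), because it sits above the time-bound lines.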
