Re: [squid-users] New Admin

On Thu, 08 Oct 2009 18:50:14 -0400, Ross Kovelman
<rkovelman_at_gruskingroup.com> wrote:
>>>
>>> Thanks for all the help and noticing that time issue. I am now left
>>> with
>> 5
>>> issues and I should be done:
>>>
>>> 1) Apparently squid thinks its later in the day then it is. I have a
>> time
>>> server, can I sync it with that?
>>
>> Probably. Look it up in the NTP controls for your machine. Squid works
on
>> whatever the OS says the time is.
>> Also check all the other time related settings on the box (timezone,
>> local
>> vs universal, hardware clock settings etc) to make sure they are right.
>> One
>> common mistake is to set the HW clock to universal time and setting the
>> OS
>> to thinking its running HW clock in local time. Or the opposite.
>>
>>> 2) If #1 can be fixed I am not sure the times I have set are working
and
>>> being blocked
>>
>> This is statement. not a question. invent some tests.
>> I would suggest maybe trying to load a blocked website at certain times
>> of
>> the day?
>>
>>> 3) Those sites that are blocked, could I set up a way for certain users
>> to
>>> access those sites if they know a password? ie: victoriasecret.com is
>> not
>>> allowed but lets say a manager wanted to see it and he was given
>>> permission.
>>> Could I have a password prompt come up that he can enter in and gain
>>> access?
>>
>> Yes. Create an ACL for normal login. Adding it to the end of the line
>> For example:
>> ... login setup
>> acl loginACL proxy_auth REQUIRED
>> http_access deny our_networks bad_url workdays !loginACL
>>
>>
>>> 4) Most users here use sharepoint and I cant seem to get IE to get the
>>> authentication prompt. Any reasons why?
>>
>> Because SharePoint is part of the Office suite not part of the Internet
>> browser?
>>
>>> 5) Is there an easy way, instead of physically touching each computer
is
>>> there a way to have either DNS or something look at Squid before
routing
>>> the
>>> traffic?
>>
>> Please explain?
>> DNS does not depend on HTTP. More the other way around.
>>
>> Amos
>
> 1) Time is showing this:
> Generated Thu, 08 Oct 2009 22:33:02 GMT by squid.xxx.com
> (squid/2.5.STABLE10)
> It is actually 6:33, it should be 1800hrs not 2200hrs. This is on a Mac
> and
> the server shows the right time. Unless some how the "bios" clock is
off?
> Will need to verify
>
> 2-3) Ok so the blocking works just not right. Here is the lines:
> acl workdays time MTWHF 8:30-12:00
> acl workdays time MTWHF 13:30-18:00
> http_access deny bad_url workdays
> It seems that when it is 18:30 it blocks all web traffic. When it is not
> those times listed I need the web open for all traffic. Any ideas?

The one http_access config line cannot block all web access. Only requests
matching bad_url plus workdays at the same time. Something else is
blocking.

>
> 4) I don't follow you, can you explain more?

According to Wikipedia "SharePoint" is a brand name for a whole suite of
software services and programs.
Saying your users "use SharePoint" is like saying the "use Windows". Extra
details like How and For What, versions etc are needed.

>> Yes. Create an ACL for normal login. Adding it to the end of the line
>> For example:
>> ... login setup
>> acl loginACL proxy_auth REQUIRED
>> http_access deny our_networks bad_url workdays !loginACL
>
> 5)I will need to use WCCP. Anyone know how to get this to work on a Mac?

MacOSX is a variant of FreeBSD. Any of the WCCP config tutorials available
for BSD or Linux should be usable with minor alterations.

Amos
Received on Thu Oct 08 2009 - 23:20:44 MDT