[squid-users] Combining Acls.

From: GIGO . <gigoz_at_msn.com>
Date: Wed, 10 Mar 2010 10:01:32 +0000

Hi all,
 
My problem is that my ACL for PUsr (power users), for denying access to Facebook & YouTube in office hours, is not working; maybe there is a conflict in the definition of time. Also, please guide me on whether I have done it all right or there are mistakes in the file, and whether overall optimization is a must/recommended, and how/what.
 
regards,
 
// PUsr = power users in my office (which need few restrictions only)
// FcUsr = admins (which require no restrictions at all)
// RUsr = users with least rights and most restrictions.
 

Also @Amos, a domain name instead of an IP is recommended; I am still confused: what if you don't have a public domain name? And what if you don't have a public IP on the Squid machine? (Please guide; it would be really beneficial for clearing up my concepts.)
 
visible_hostname 10.1.82.53
cache_peer 10.1.82.205 parent 8080 0 default no-digest no-query
http_port 10.1.82.53:3128
never_direct allow all
cache_effective_user proxy
cache_mgr bilal.aslam_at_mcb.com.pk
coredump_dir /var/sppol/squid3
cache_dir ufs /var/squidcache 50000 16 256
cache_swap_low 75
cache_mem 1000 MB
maximum_object_size 195 MB
minimum_object_size 12 bytes
cache_replacement_policy lru
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl localServers dst 10.1.82.0/24 10.1.80.0/24 10.1.245.0/24
#acl localServers dstdomain .bla.bla.com
no_cache deny LocalServers
acl Query urlpath_regex cgi-bin \?
cache deny Query
hierarchy_stoplist cgi-bin ?
 
acl manager proto cache_object
http_access allow manager
http_access deny manager
acl OverConnLimit maxconn 10
http_access deny OverConnLimit
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
http_access allow localhost

acl SSL_ports port 443 #https
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl FcUsr src "/etc/squid3/FcUsr.conf"
acl PUsr src "/etc/squid3/PUsr.conf"
acl RUsr src "/etc/squid3/RUsr.conf"
acl Working_hours time MTWHF 09:00-17:00
acl inlunchbreak time 13:00-14:30
####----Definitions for BlockingRules----#####
###Definition of MP3/MPEG
acl FTPMP3 url_regex -i ^ftp://.*\.mp3$
acl Movies rep_mime_type video/mpeg
acl MP3s rep_mime_type audio/mpeg

###Definition of Flash Video
acl deny_rep_mime_flashvideo rep_mime_type video/flv
###Definition of Porn
acl Sex urlpath_regex sex
acl PornSites url_regex "/etc/squid3/pornlist"

####Definition of YouTube.
## The videos come from several domains
acl youtube_domains dstdomain .youtube.com .googlevideo.com .ytimg.com
###Definition of FaceBook
acl facebook_sites dstdomain .facebook.com

#### Definition of MSN Messenger
acl msn urlpath_regex -i gateway.dll
acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
acl msn1 req_mime_type application/x-msn-messenger

####Definition of Blocking Skype
acl numeric_IPs url_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl Skype_UA browser ^skype^
##Definition of Yahoo! Messenger
acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com
acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com
acl ym dstdomain .voice.yahoo.com
acl ymregex url_regex yupdater.yim ymsgr myspaceim
## Other protocols Yahoo!Messenger uses ??
acl ym dstdomain .skype.com .imvu.com
###Disallowing download of executables from web#####

###---------------------------------------------########
http_access deny PornSites RUsr
http_access deny PornSites PUsr
http_access deny Sex RUsr
http_access deny Sex PUsr
http_access deny msnd PUsr
http_access deny msnd RUsr
http_access deny msn PUsr
http_access deny msn RUsr
http_access deny msn1 PUsr
http_access deny msn1 RUsr
http_access deny numeric_IPs PUsr
http_access deny numeric_IPs RUsr
http_access deny Skype_UA PUsr
http_access deny Skype_UA RUsr
http_access deny ym RUsr
http_access deny ym PUsr
http_access deny ymregex RUsr
http_access deny ymregex PUsr
#----Most Restricted settings Exclusive for Normal users......#
http_reply_access deny Movies RUsr
http_reply_access deny MP3s RUsr
http_access deny FTPMP3 RUsr
http_reply_access deny deny_rep_mime_flashvideo RUsr
http_access deny youtube_domains RUsr
http_access deny facebook_sites RUsr
http_access allow youtube_domains inlunchbreak PUsr
http_access allow facebook_sites inlunchbreak PUsr
http_access deny youtube_domains PUsr Working_hours
http_access deny facebook_sites PUsr Working_hours
http_access allow FcUsr
http_access allow PUsr
http_access allow RUsr
http_access deny all
                                                
Received on Wed Mar 10 2010 - 10:01:48 MST
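
As an added example (not part of the original post and not Squid's own code), this simplified Python model shows how the http_access lines for PUsr in the posted configuration are evaluated: lines are checked top to bottom, every ACL on a line must match, and the first matching line decides. The PUsr address is a constructed placeholder, since the contents of /etc/squid3/PUsr.conf are not shown.

```python
# Simplified model of Squid's http_access evaluation (added example, not Squid code).
from datetime import datetime
from ipaddress import ip_address, ip_network

DAY_CODES = "MTWHFAS"  # Squid day letters Monday..Sunday (H = Thursday, A = Saturday)
def minutes(hhmm):
    return int(hhmm[:2]) * 60 + int(hhmm[3:])

def time_acl(spec):
    # 'MTWHF 09:00-17:00'; a spec without day letters applies to every day
    *days, span = spec.split()
    start, stop = (minutes(t) for t in span.split("-"))
    def match(req):
        now = req["when"]
        return (DAY_CODES[now.weekday()] in (days[0] if days else DAY_CODES)
                and start <= now.hour * 60 + now.minute <= stop)
    return match

def dstdomain(*suffixes):
    # a leading dot matches the domain itself and every subdomain
    return lambda req: any(req["host"] == s[1:] or req["host"].endswith(s) for s in suffixes)

def src(*nets):
    return lambda req: any(ip_address(req["client"]) in ip_network(n) for n in nets)

ACLS = {
    "Working_hours": time_acl("MTWHF 09:00-17:00"),
    "inlunchbreak": time_acl("13:00-14:30"),
    "youtube_domains": dstdomain(".youtube.com", ".googlevideo.com", ".ytimg.com"),
    "facebook_sites": dstdomain(".facebook.com"),
    "PUsr": src("10.1.82.100/32"),  # constructed; the real list is in /etc/squid3/PUsr.conf
    "all": lambda req: True,
}
RULES = [r.split() for r in (   # same order as the PUsr lines in the posted file
    "allow youtube_domains inlunchbreak PUsr",
    "allow facebook_sites inlunchbreak PUsr",
    "deny youtube_domains PUsr Working_hours",
    "deny facebook_sites PUsr Working_hours",
    "allow PUsr",
    "deny all")]

def decide(client, host, when):
    # first rule whose ACLs ALL match decides; returns (action, matching ACL names)
    req = {"client": client, "host": host, "when": when}
    for action, *names in RULES:
        if all(ACLS[n](req) for n in names):
            return action, " ".join(names)

if __name__ == "__main__":
    for hour in (10, 13, 18):  # constructed request times on Wed 10 Mar 2010
        print(hour, decide("10.1.82.100", "www.facebook.com", datetime(2010, 3, 10, hour, 15)))
```

The model covers only the time, dstdomain and src ACL types used by these rules; on a real proxy the same decision also depends on the server's clock and on which source address Squid actually sees for the client.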

This archive was generated by hypermail 2.2.0 : Thu Mar 11 2010 - 12:00:06 MST