Landy Landy wrote:
> Hello.
>
> I am currently running squid Version 3.0.STABLE24 and is working really well. I block user's by ip address:
>
> acl registered src "/etc/msd/ipAllowed"
>
> http_access allow registered
> http_access deny all
>
>
> but, now I would like UNregistered clients to be able to access some specific websites for ie, my bank's web site so they can make a payment and some others.
>
> Can I do it like this:
>
> acl my_bank dstdomain www.mybank.com
> http_access allow my_bank
So you add that snippet as-is before the "deny all" line.
>
> Also, all ip addresses other than the registered are blocked with iptables as well. So, I guess I have to allow access to these website somehow.
>
Depends on which side of the firewall they are.
If as I suspect, you are running Squid as the access portal to
external sites, then no the firewall does not need to change. The
unknown visitors will have to go to/through Squid until they register.
If the unknowns are on the other side of the firewall from Squid then
yes it will need opening enough so they can get to your Squid.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.7 Beta testers wanted for 3.2.0.1Received on Wed Aug 25 2010 - 05:25:32 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 25 2010 - 12:00:02 MDT