[squid-users] Re: Proxy & Authentication help

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 06 Nov 2010 02:59:12 +1300

On 04/11/10 21:13, Edmonds Namasenda wrote:
>
> If I were to add ACLs with some IP addresses to access the internet
> without any restrictions, how can I go about that?
>
>
> By creating ..
>
> # "an ACL listing the IPs ..."
> acl foo src ...
>
> Are the below right ACLs?
> acl foo src 10.100.10.3, 10.100.10.6, 10.100.10.15-10.100.10.27
> acl fop src 10.100.10.7, 10.100.10.28-10.100.10.100
>

Without the commas that would be two valid src ACL definitions for some
IPs and ranges.

I don't know any details about how your network is designed to say
whether they are right.

> # " ... and allowing them access first ..."
> http_access allow foo
>
> If I am to use authentication with NCSA user file (ncsa_access) so that
> foo log-in but access internet freely throughout the day and week while
> fop log-in though restricted on accessed URLs ACL (nowww) and controlled
> downloads ACL (nodwnld) within time limits of whrs1 and whrs2, how do I
> set that up?

Um. It's time you learn about Squid ACL, how they work and how to create
them to a policy.

References:
  http://wiki.squid-cache.org/SquidFaq
  http://www.squid-cache.org/Doc/config/acl/
  http://www.squid-cache.org/Doc/config/http_access/
  http://www.squid-cache.org/Doc/config/auth_param/

Start by taking that big paragraph above and breaking it down into a
series of policy rules. Write those rules in order from most important
to least important.

> If I am to use authentication with NCSA user file (ncsa_access) so that

  ... start with the authentication settings that use NCSA to check that
file and an ACL definition that checks users login.

> foo log-in but access internet freely throughout the day and week while

Does that mean foo are always logged in with no other restrictions
during your times?
Or that they are not even asked to login at certain times?

As you can imagine very different things, with different config.

> fop log-in though restricted on accessed URLs ACL (nowww) and controlled
> downloads ACL (nodwnld) within time limits of whrs1 and whrs2,

  ... how would you break that up or change it into statements of "X
can happen" or "Y must not happen" ?

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.2
Received on Fri Nov 05 2010 - 13:59:18 MDT
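
The breakdown suggested above, carried through as an added example (not part of the original message and not the Squid project's own configuration). It assumes one reading of the policy: foo and fop must always log in, foo is otherwise unrestricted, and fop is refused the nowww and nodwnld matches and allowed only during whrs1 or whrs2. The helper path, password file path, realm, hours, domain and file extensions are constructed placeholders.

```conf
# 1. Authentication settings: NCSA helper checking a password file.
#    Helper name is ncsa_auth in Squid 2.7/3.1; both paths are assumptions.
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy

# 2. ACL definitions. Values are separated by spaces, not commas.
#    Comments go on their own lines, not after a directive.
acl ncsa_access proxy_auth REQUIRED
acl foo src 10.100.10.3 10.100.10.6 10.100.10.15-10.100.10.27
acl fop src 10.100.10.7 10.100.10.28-10.100.10.100
# Constructed working hours (M T W H F = Monday to Friday)
acl whrs1 time MTWHF 08:00-12:30
acl whrs2 time MTWHF 14:00-17:00
# Constructed blocked sites and download types
acl nowww dstdomain .blocked.example
acl nodwnld urlpath_regex -i \.exe$ \.iso$

# 3. Policy rules, most important first. The first matching line wins,
#    and all ACLs named on one line must match (AND).
# "foo can browse anything once logged in"
http_access allow foo ncsa_access
# "fop must not reach the listed sites or download types"
http_access deny fop nowww
http_access deny fop nodwnld
# "fop can browse during whrs1 or whrs2 once logged in"
http_access allow fop whrs1 ncsa_access
http_access allow fop whrs2 ncsa_access
# "nothing else can happen"
http_access deny all
```

Putting ncsa_access last on each allow line means the login challenge is only issued to clients that already match the address and time conditions.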
