[squid-users] ACLs Implementation help

From: Edmonds Namasenda <namasenda_at_gmail.com>
Date: Thu, 11 Nov 2010 13:39:09 +0300

Much appreciated for the previous help.
Some more clarification on the in-line requests below.
On Wed, Nov 10, 2010 at 2:38 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> On 09/11/10 20:25, Edmonds Namasenda wrote:
>>
>> Dear all.
>> Using openSuse 11.2 and Squid 3.0 Stable 18
>>
>> Besides commenting out anything to do with 'localnet', below is all that
>> I added or edited on squid.conf
>>
>> # Authentication Program
>> auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
>>
>> # Start ACLs (bottom of ACL section defaults)
>> acl passt proxy_auth REQUIRED        # Authentication file to be used "passt"
>> acl net_ed src 10.100.10.0/24 192.168.7.0/24 10.208.6.0/24        # My networks
>> acl dove src 10.100.10.248-10.100.10.255        # Unrestricted Internet access I.P range
>> acl whrs1 time MTWHF 9:00-12:59        # Morning work shift
>> acl whrs2 time MTWHF 13:00-16:59        # Afternoon work shift

meant to be ...
acl whrs2 time MTWHF 14:00-16:59

>> acl nowww dstdomain "/etc/squid/noWWW"        # Inaccessible URLs file path
>> acl nodwnld urlpath_regex "/etc/squid/noDWNLD"        # Unavailable downloads file path
>>
>> # End ACLs
>>
>> # Start http_access Edits (top of http_access section defaults)
>> http_access allow dove        # Internet access without authentication, denied URLs or download restrictions
>> http_access deny nowww whrs1 whrs2        # Deny URLs during work shifts
>
> Um, this means that when the clock says simultaneously that it is both morning AND afternoon...
>
> ... to deny with an OR combine the time periods into one ACL name or split the http_access into two lines.

http_access deny nowww whrs1
http_access deny nodwnld whrs1
http_access deny nowww whrs2
http_access deny nodwnld whrs2
... works great so far as tested.

> Amos

How do I enforce password authentication ONLY ONCE for users to
access the internet using file "passt"?
http_access allow passt net_ed  ?!

--
Thank you and kind regards,
I.P.N Edmonds
Cel:    +256 70 227 3374
           +256 71 227 3374
Y! / MSN: zibiced | GMail: namasenda | Skype: edsend
Received on Thu Nov 11 2010 - 10:39:11 MST
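
Added example (not part of the original message and not Squid's own code): a small Python model of the evaluation Amos describes, where all ACLs on one http_access line must match together and separate lines are tried in order. The `BLOCKED` set, exact-host matching for `nowww` and the `denied_minutes` helper are assumptions for illustration; `whrs2` uses the poster's corrected 14:00 start.

```python
from datetime import datetime

# Squid day letters for the "time" ACL type (datetime.weekday(): 0 = Monday).
DAY_CODES = {"M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5, "S": 6}

def time_acl(days, span):
    """Build a matcher for 'acl NAME time DAYS h1:m1-h2:m2'."""
    start, end = (tuple(map(int, t.split(":"))) for t in span.split("-"))
    wanted = {DAY_CODES[d] for d in days}
    def match(req):
        now = req["when"]
        return now.weekday() in wanted and start <= (now.hour, now.minute) <= end
    return match

# Constructed stand-in for the contents of /etc/squid/noWWW.
BLOCKED = {"example.com"}

# ACL names from the thread; nowww is simplified to an exact host match.
ACLS = {
    "whrs1": time_acl("MTWHF", "9:00-12:59"),
    "whrs2": time_acl("MTWHF", "14:00-16:59"),
    "nowww": lambda req: req["host"] in BLOCKED,
}

def evaluate(rules, req):
    """First line whose ACLs ALL match decides; None means no line matched."""
    for line in rules:
        action, *names = line.split()[1:]
        if all(ACLS[n](req) for n in names):
            return action
    return None

# The single-line rule from the original config, and the split form that works.
ORIGINAL = ["http_access deny nowww whrs1 whrs2"]
SPLIT = ["http_access deny nowww whrs1", "http_access deny nowww whrs2"]

def denied_minutes(rules, day):
    """Count the minutes of one day in which a blocked host is denied."""
    return sum(
        evaluate(rules, {"host": "example.com",
                         "when": day.replace(hour=h, minute=m)}) == "deny"
        for h in range(24) for m in range(60))

if __name__ == "__main__":
    thursday = datetime(2010, 11, 11)
    print("original:", denied_minutes(ORIGINAL, thursday), "minutes denied")
    print("split:   ", denied_minutes(SPLIT, thursday), "minutes denied")
```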
