You allow all ldap users access to everything without restrictions.

--
Henrik Nordstrom
Squid hacker

Joel Taqueban wrote:
>
> Thanks for the reply,
>
> I've tried making changes to the ACLs. Here is my complete list:
>
> acl all src 0.0.0.0/0
> acl ldap proxy_auth REQUIRED
> acl allowedsites dstdomain dhl.com
> acl allowedhosts src 199.40.218.10-15
> acl allowedtime time S M T W H F A 06:00-21:00
>
> http_access allow ldap
> http_access allow allowedhosts allowedsites
> http_access allow allowedtime
> http_access deny all
>
> did squid -k reconfigure but still those IPs could still access
> non-DHL sites
> And when I look into the cache.log file I can't see any warnings on
> missing ACL declarations after re-reading the Squid conf file. I
> even do a "squid --" and it doesn't return me about missing ACLs.
>
> Anything or anywhere I need to check please?
>
> Joel
>
> Henrik Nordstrom wrote:
> > alowe@hislora.com.au wrote:
> >
> > try this modified stuff:
> >
> > > How do I define on my squid.conf file to restrict particular IPs to
> > > access only certain domains?
> > >
> > > I've tried doing the ff:
> > >
> > > acl allowedsites dstdomain dhl.com
> > > acl allowedhost src 199.40.218.10-15/255.255.255.0
> > >
> > ># Remove this line--> http_access allow allowedsites
> > > http_access allow allowedhost allowed_sites
> > > http_access deny all
> >
> > the line marked remove is actually allowing the allowedsites to access
> > anything, by just putting the second and third line, you allow them to the
> > allowed_sites but nowhere else...
>
> Not quite.
>
> The first line allows everyone access to the host dhl.com.
>
> The second line is bungled in two ways:
> a) There is no allowed_sites ACL defined
> b) The allowedsites ACL is wrongly defined if your intention is to only
> match those 6 addresses. The netmask masks out the addresses and the ACL
> matches the whole class-C subnet. IP host ranges are better written
> without any netmask.
>
> However, this does not explain the behaviour you are seeing.
>
> Are there any other http_access lines before your "deny all" line?
> Are there any warnings about missing ACL declarations in cache.log when
> Squid is starting up?
> How is the ACL "all" defined? It SHOULD and MUST be defined as
> 0.0.0.0/0, nothing else.
>
> --
> Henrik Nordstrom
> Squid hacker

Received on Wed May 03 2000 - 12:40:14 MDT
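
Added example (not part of the original messages and not Squid's own code): a simplified Python model of how the http_access list posted above is walked, showing why its first line decides for every authenticated user. The REORDERED list, the request fields and the inclusive range 199.40.218.10 to 199.40.218.15 are assumptions made for the illustration.

```python
# Simplified model of Squid http_access evaluation (added example):
# lines are checked top to bottom, every ACL named on a line must match,
# and the first matching line decides. Authentication challenges are not
# modelled; the request is assumed to carry valid credentials already.
from ipaddress import ip_address

def make_acls(req):
    """Evaluate the ACLs named in the thread against one request (a dict)."""
    lo, hi = ip_address("199.40.218.10"), ip_address("199.40.218.15")
    return {
        "all": True,                                   # src 0.0.0.0/0
        "ldap": req["authenticated"],                  # proxy_auth REQUIRED
        "allowedsites": req["host"] == "dhl.com",      # modelled as exact host match
        "allowedhosts": lo <= ip_address(req["src"]) <= hi,
        "allowedtime": 6 <= req["hour"] < 21,          # 06:00-21:00, every day
    }

def http_access(rules, req):
    """Return (action, line number) of the first line whose ACLs all match."""
    acls = make_acls(req)
    for n, (action, names) in enumerate(rules, start=1):
        if all(acls[name] for name in names):
            return action, n
    return "deny", None  # not reached here: both lists end in "deny all"

# The http_access lines as posted in the thread.
POSTED = [
    ("allow", ["ldap"]),
    ("allow", ["allowedhosts", "allowedsites"]),
    ("allow", ["allowedtime"]),
    ("deny", ["all"]),
]

# One possible reordering (an assumption about the intent, not from the thread):
# settle the restricted hosts first, then handle everyone else.
REORDERED = [
    ("allow", ["allowedhosts", "allowedsites"]),
    ("deny", ["allowedhosts"]),
    ("allow", ["ldap", "allowedtime"]),
    ("deny", ["all"]),
]

# Constructed request: a restricted host, logged in, asking for a non-DHL site.
REQ = {"src": "199.40.218.12", "host": "www.example.com",
       "authenticated": True, "hour": 10}

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("reordered", REORDERED)):
        print(label, http_access(rules, REQ),
              http_access(rules, dict(REQ, host="dhl.com")))
```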