Joel Taqueban wrote:
> Dear Ilker & squid users,
>
> I've got my squid ldap authentication working. Thanks a lot!
>
> But there's one thing I noticed: when I added the authentication I was
> surprised that the disallowed times for my users to access the
> Internet is no longer working - I mean they can now readily access
> the whole web even after the allowed times. Here's my ACLs and
> http_access definitions:
>
> I've tried making changes to the ACLs. Here is my complete list:
>
> authenticate_program /usr/local/squid/bin/squid_ldap_auth
> myldapserver
>
> acl all src 0.0.0.0/0
> acl ldap proxy_auth REQUIRED
> acl allowedsites dstdomain dhl.com
> acl allowedtimes time S M T W H F A 06:00-21:00
>
> http_access allow ldap
> http_access allow allowedsites
> http_access allow allowedtimes
> http_access deny all
this should look something like:
http_access allow allowedsites
http_access deny notallowedtimes
http_access allow ldap
http_access deny all
...as soon as squid matches an allow statement then it doesn't check any
more allow/deny statements and allows access, so you need to deny for
the times that people _can't_ access the whole web before your allow
statement...
Hope this is clear enough..
-Brian
Received on Thu May 04 2000 - 08:51:02 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:16 MST