Re: allowing users to access particular domains

From: Joel Taqueban <jtaqueba@dont-contact.us>
Date: Mon, 03 Jul 2000 20:52:17 +0800

Thanks Ilker,

It does work with restricting client IP addresses. However, what we
very much want is restricting it at user level? I've tried placing,
the . (dot) on fedex.com but still that didn't help. How do I prevent
users 1 - 4 from accessing sites beyond what is allowed only for them?
And users 5-6 which can access any site?

Thanks and regards,
Joel

Ilker Gokhan wrote:

> Ohh.. It should work. it has been worked at my attempts with client IP
> instead of ident user. Also:use the following name with dot.fedex.com
> this mean that only hostname--> .fedex.com this mean that domain
> name.yahoo.com --> .yahoo.comBest regards.Ilker G.
>
> -----Original Message-----
> From: Joel Taqueban [mailto:jtaqueba@apme-ops.dhl.com]
> Sent: Thursday, June 22, 2000 3:27 AM
> To: Ilker Gokhan; squid-users@ircache.net
> Subject: Re: allowing users to access particular domains
> Thanks Ilker,
>
> I tried that but still users 1-4 could access the whole
> net. Anything else I need to look into?
>
> Joel
>
> R.Ilker Gokhan wrote:
>
> >
> >
> > >-----Original Message-----
> > >From: Joel Taqueban [mailto:jtaqueba@apme-ops.dhl.com]
> > >Sent: Thursday, June 01, 2000 1:48 PM
> > >To: squid-users@ircache.net
> > >Subject: allowing users to access particular domains
> >
> > gets to access:
> > > user1, user2 only www.fedex.com
> > www.ups.com
> > > user3, user4 only the above sites
> > pus: cnn.com
> > yahoo.com
> > > user5, user6 all sites
> >
> > >where the above users are valid users from my ldap
> > server.
> > >I tried defining this on my squid.conf file.
> > >acl allowedsites1 dstdomain fedex.com ups.com
> > >acl allowedsites2 dstdomain fedex.com ups.com yahoo.com
> > cnn.com
> > >acl customer_service ident user1 user2
> > >acl supervisors ident user3 user4
> > >acl management ident user5 user6
> > >http_access allow allowedsites1 customer_service
> > >http_access allow allowedsites2 supervisors
> > >http_access allow management
> >
> > Try:
> > remove this line : http_access allow management
> > http_access deny all !management
> >
> > remove : >http_access deny all
> >
> > >However, user1 to user4 still could access sites that
> > should have been restricted for them.
> > >What seems to be wrong with my ACL above? Do I have the
> > right http_access definition for user5 >and user6 who are
> > in 'management' ACL?
> >
> > >Joel
> >
> > Ilker G.
> > P.S please don't send mail with HTML format.
>
Received on Mon Jul 03 2000 - 06:48:32 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:20 MST