Re: [squid-users] problem with custom pages and acl

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 14 Dec 2001 22:51:50 +0100

deny_info looks for individual ACL names, not lists like http_access. The
ACL name deny_info looks for is the last one on the line where access
was denied.

So in the case

http_access deny students !okTime

the deny_info ACL name is okTime

Note: I would insert some src based access before the first http_access
allow line to make sure it is only users in your networks who attempt to
use the proxy. But if you are firewalled then no problem.

A minor note: some of the "allow,deny" tuples can be optimized slightly
to make the rule set more consistent

from
   http_access allow noporn
   http_access deny porn
to
   http_access deny !noporn porn

from
   http_access allow downloaders
   http_access deny downloads

to
   http_access deny downloads !downloaders

Regards
Henrik Nordström
MARA Systems AB, Sweden

Mark Worsdall wrote:
>
> These are my acl's:-
>
> acl advertimages url_regex "/usr/local/etc/squid/adverts.txt"
> acl deniedsites url_regex "/usr/local/etc/squid/squid-deny.txt"
> acl allowedsites url_regex "/usr/local/etc/squid/squid-allow.txt"
> acl porn url_regex "/usr/local/etc/squid/porn.block.txt"
> acl noporn url_regex "/usr/local/etc/squid/porn.unblock.txt"
> acl antiworms url_regex "/usr/local/etc/squid/wormblocking.txt"
> acl downloads urlpath_regex "/usr/local/etc/squid/download-deny.txt"
>
> acl okTime time MTWHF 09:00-18:30
> acl downloaders proxy_auth "/usr/local/etc/squid/download-users"
> acl students proxy_auth "/usr/local/etc/squid/student.users"
> acl staff proxy_auth "/usr/local/etc/squid/staff.users"
> acl volunteers proxy_auth "/usr/local/etc/squid/volunteer.users"
> acl password proxy_auth 300
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> http_access allow allowedsites
> http_access deny deniedsites
> http_access deny advertimages
> http_access deny antiworms
> http_access allow noporn
> http_access deny porn
> http_access allow downloaders
> http_access deny downloads
> http_access deny !students !staff !volunteers
> http_access deny students !okTime
>
> deny_info ERR_DOWNLOAD_ACCESS_DENIED downloads
> deny_info ERR_PORN_ACCESS_DENIED porn
> deny_info ERR_HHDENY_ACCESS_DENIED deniedsites
> deny_info ERR_ADVERT_ACCESS_DENIED advertimages
> deny_info ERR_STUDENT_ACCESS_DENIED students !okTime
>
> When the acl rule "http_access deny students !okTime" is happening the
> custom error page ERR_STUDENT_ACCESS_DENIED doesn't appear, just the
> normal ERR_ACCESS_DENIED page appears.
>
> All others work/display ok. Is this because it is an acl that is made up
> of 2 acl?
>
> --
Received on Fri Dec 14 2001 - 14:51:52 MST
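
The lookup rule described in the reply above, as an added example that is not part of the original thread and is not Squid's own code: a small checker that reports, for each "http_access deny" line, which error page its last ACL name selects. The function names are hypothetical, the sample config is constructed from the rules quoted in the post, and treating a "!"-prefixed deny_info name as never matching is an assumption of this sketch.

```python
DEFAULT_PAGE = "ERR_ACCESS_DENIED"  # the normal page named in the post

# Constructed sample: a subset of the rules quoted in the post.
SAMPLE_CONF = """\
http_access deny deniedsites
http_access allow noporn
http_access deny porn
http_access deny !students !staff !volunteers
http_access deny students !okTime
deny_info ERR_PORN_ACCESS_DENIED porn
deny_info ERR_HHDENY_ACCESS_DENIED deniedsites
deny_info ERR_STUDENT_ACCESS_DENIED students !okTime
"""

def parse(conf):
    """Collect deny rules, the ACL-name -> page map, and suspicious deny_info lines."""
    deny_rules, pages, warnings = [], {}, []
    for raw in conf.splitlines():
        tok = raw.split()
        if len(tok) < 3 or tok[0].startswith("#"):
            continue
        if tok[0] == "http_access" and tok[1] == "deny":
            deny_rules.append(tok[2:])
        elif tok[0] == "deny_info":
            page, names = tok[1], tok[2:]
            # Written like an http_access list: flag it for review.
            if len(names) > 1 or names[0].startswith("!"):
                warnings.append((page, " ".join(names)))
            for name in names:
                if not name.startswith("!"):  # assumption: "!x" never matches ACL "x"
                    pages.setdefault(name, page)
    return deny_rules, pages, warnings

def resolve(conf):
    """For each deny rule, return (rule, last ACL name, error page shown)."""
    deny_rules, pages, warnings = parse(conf)
    result = []
    for acls in deny_rules:
        last = acls[-1].lstrip("!")  # deny_info is looked up by the last ACL on the line
        result.append((" ".join(acls), last, pages.get(last, DEFAULT_PAGE)))
    return result, warnings

if __name__ == "__main__":
    rules, warnings = resolve(SAMPLE_CONF)
    for rule, last, page in rules:
        print(f"deny {rule:32} last ACL {last:12} page {page}")
    for page, names in warnings:
        print(f"check: deny_info {page} lists '{names}'; use a single ACL name")
```

Rules that fall back to the default page are the ones whose last ACL name has no deny_info entry of its own.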
