Re: [squid-users] ACL ?

From: Simon White <simon@dont-contact.us>
Date: Thu, 28 Mar 2002 18:37:09 +0000

28-Mar-02 at 13:22, Bill Whittaker (bill@sals.edu) wrote :
> I am wanting to restrict html access based on src and destination,
> Wanting to create a controlled group of IP's that can only go to certain
> URL's
> but also wanting to create a group of IP's that have full access.

This is possible.

> I have been reading some of the docs and find them quite confusing.
> The sites that I am going to this on have a Linux/Squid box running in
> accelerator mode now and I
> wish to use that.

Your friends are:

acl myaclname dst <ipaddress>
acl myaclname src <ipaddress>
acl myaclname dstdomain <domain>

and perhaps...

acl myaclname url_regex <regular expression>
acl myaclname urlpath_regex <regular expression>

ACLs just define a number of parameters to be used in "access" lines later
on. Regular expressions, if you're not familiar with them, need a bit of
research.

url_regex is based on the WHOLE address, urlpath_regex is based on what
comes after the actual address.

If I have understood your question correctly, you will want:

acl restrictedpeople src 10.0.0.0/255.255.255.0
acl fullaccess src 10.0.1.0/255.255.255.0
(replace these with your ip and mask combinations)

Then you will need some dstdomain acls for the sites you are going to
allow

acl sitesforall dstdomain .linux.com
(just linux.com :) but you can even source a file here)

then

http_access allow restrictedpeople sitesforall
http_access allow fullaccess
http_access deny all

Something like that. HTH.

-
[Simon White. vim/mutt. simon@mtds.com. GIMPS:58.86% see www.mersenne.org]
Sometimes we sit and read other people's interpretations of our lyrics and
think, 'Hey, that's pretty good.' If we liked it, we would keep our mouths
shut and just accept the credit as if it was what we meant all along.
  -- John Lennon.
Received on Thu Mar 28 2002 - 11:37:12 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:11 MST