RE: [squid-users] How to configure squid for denying users to do download process for specified time range?

From: Winanjaya <winanjaya@dont-contact.us>
Date: Fri, 23 May 2003 09:53:35 +0700

Hello Henrik,
I have followed the code you suggested, but the same problem still occurs
(I mean, nodownload can still download; what I need is that nodownload
contains the IP addresses that can browse the internet but are not
allowed to download files from the internet).

 acl download urlpath_regex -i \.zip$
 acl office_hours time 09:00-17:00
 acl GET method GET

 acl itperson src 192.168.1.88 192.168.1.89
 acl nodownload src 192.168.1.10 192.168.1.11

 http_access deny nodownload GET office_hour
 http_access allow nodownload
 http_access allow itperson
 http_access deny all.

many thanks in advance

Regards
Winan

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Thursday, May 22, 2003 6:21 PM
To: winanjaya@lippogeneral.com
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] How to configure squid for denying users
to do download process for specified time range?

On Thu 2003-05-22 at 11.34, Winanjaya wrote:

> http_access allow it_user1
> http_access allow it_user2
> http_access allow nodownload1
> http_access allow nodownload2
>
> http_access deny GET office_hours nodownload1 nodownload2
> http_access deny all

There are two errors here:

a) You have already allowed access in the lines above. The order of your
http_access rules is important. The first matching http_access line
tells if the request is allowed or denied.

b) nodownload1 and nodownload2 are conflicting. A single request cannot
come both from src 192.168.1.10 and src 192.168.1.11.

What you should do is to

1. Move the http_access deny line up before your allow lines.

2. Merge your nodownload* acls into one single nodownload acl including
all the ip addresses. You should probably also do the same with the
it_user* acls..

Which gives a configuration looking something like this:

 acl download urlpath_regex -i \.exe$
 acl office_hours time 09:00-17:00
 acl GET method GET

 acl it_user src 192.168.1.88 192.168.1.89

 acl nodownload src 192.168.1.10 192.168.1.11

 http_access deny nodownload GET office_hours
 http_access allow nodownload

 http_access allow it_user

 http_access deny all

Note: You may split the acl definitions on multiple lines if you prefer.

 acl nodownload src 192.168.1.10
 acl nodownload src 192.168.1.11

Or have the IP addresses in a separate file (one address per line)

 acl nodownload src "/path/to/nodownload.txt"

Regards
Henrik

--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions are only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Thu May 22 2003 - 20:57:03 MDT
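
Added example (not part of the original messages, and not Squid's own code): a small Python model of how http_access lines are evaluated, showing the two points from the reply above: the first matching line decides, and all ACLs named on one line must match the same request. The sample requests, the split of it_user1/it_user2 across the two IT addresses, and the WITH_DOWNLOAD variant (which adds the `download` ACL the thread defines but never references in the deny line) are assumptions made for this example.

```python
import re
from datetime import time

def src(*ips):
    return lambda r: r["src"] in ips

# ACLs from the thread. The per-host split of it_user1/2 is an assumption.
ACLS = {
    "download": lambda r: re.search(r"\.exe$", r["path"], re.I) is not None,
    "office_hours": lambda r: time(9, 0) <= r["time"] <= time(17, 0),
    "GET": lambda r: r["method"] == "GET",
    "it_user": src("192.168.1.88", "192.168.1.89"),
    "it_user1": src("192.168.1.88"), "it_user2": src("192.168.1.89"),
    "nodownload": src("192.168.1.10", "192.168.1.11"),
    "nodownload1": src("192.168.1.10"), "nodownload2": src("192.168.1.11"),
    "all": lambda r: True,
}

def http_access(rules, req):
    """Return the action of the first line whose ACLs ALL match the request."""
    for line in rules:
        action, *names = line.split()
        if all(ACLS[n](req) for n in names):
            return action
    return "deny"  # not reached: every rule set below ends in "deny all"

def request(src_ip, path, hhmm, method="GET"):
    h, m = map(int, hhmm.split(":"))
    return {"src": src_ip, "path": path, "time": time(h, m), "method": method}

# Rule order as first posted: the allow lines match before the deny line.
ORIGINAL = ["allow it_user1", "allow it_user2", "allow nodownload1",
            "allow nodownload2",
            "deny GET office_hours nodownload1 nodownload2", "deny all"]
# Rule order from the reply: deny first, merged ACLs.
REORDERED = ["deny nodownload GET office_hours", "allow nodownload",
             "allow it_user", "deny all"]
# Variant added for this example (not from the thread): also require the
# `download` ACL so only URLs matching it are refused.
WITH_DOWNLOAD = ["deny nodownload GET office_hours download"] + REORDERED[1:]

if __name__ == "__main__":
    # Constructed sample requests.
    samples = [request("192.168.1.10", "/files/setup.exe", "10:00"),
               request("192.168.1.10", "/index.html", "10:00"),
               request("192.168.1.10", "/files/setup.exe", "20:00"),
               request("192.168.1.88", "/files/setup.exe", "10:00")]
    for name, rules in [("original", ORIGINAL), ("reordered", REORDERED),
                        ("with download", WITH_DOWNLOAD)]:
        print(name, [http_access(rules, s) for s in samples])
```

In this model the reordered rules refuse every GET from the nodownload hosts during office hours, ordinary pages included; only the variant that also names `download` leaves browsing allowed.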

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:53 MST