[squid-users] Re: Re: squid time acls + auth acls

From: Adam Aube <aaube01@dont-contact.us>
Date: Thu, 09 Dec 2004 15:04:54 -0500

Alberto Sierra wrote:
> On Thu, 02 Dec 2004 21:41:33 -0500, Adam Aube <aaube01@baker.edu> wrote:

>> BTW, why are you using "localhost" in all the http_access lines? You do
>> realize that will only match if the client is running on the same
>> physical system as Squid, right?

> thanks Adam, i'm aware of the localhost, but that is because of the
> dansguardian that runs on the same machine, so the acls only work if
> coming from the dansguardian and i can set the vip clients to connect
> to port 3128 skipping the content manager.

> i already set it up like this

> acl safe_list dstdomain "/etc/squid/safe_list"
> acl ViP src 10.1.1.40-10.1.1.47/32
> acl work time MTWHF 15:00-19:50
> acl time1 time A 00:00-23:59
> acl time2 time S 10:10-11:10
> acl time3 time S 13:25-14:15
> acl time4 time S 15:00-16:30
>
> http_access allow ViP
> http_access allow safe_list
> #http_access allow localhost password
> http_access deny localhost work
> http_access deny localhost time1
> http_access allow localhost time2
> http_access allow localhost time3
> http_access allow localhost time4
>
> as you see i had to coment out localhost password because the idea was
> to have the password promt ONLY when there is time restriction, but i
> dont know how to set this up

Ok. The order is important here. Move the commented-out http_access list to
the end of the list, then comment out the two "http_access deny" lines.

Adam
Received on Thu Dec 09 2004 - 13:04:59 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST