On Tuesday 10 January 2006 19:13, David Lynum wrote:
> I've created ACL's in squid to keep my users from going to certain
> websites during certain parts of the day. The acl's are working just
> fine. But is there a way to kick those same users off of these acl
> restricted sites if they already happen to be on the site when the acl
> kicks in? Let's say the the acl restricts users from visiting a
> particular website from 4PM-6PM. If the users are already on the site
> at 3:59PM, once 4PM hits, so far they're still able to browse the site.
I think you have a misunderstanding here. Squid (and anything that uses
HTTP) has no notion of "sessions" or "being on the site". Every request is
unique and without the help or cookies or username/password authentication
you wouldn't know anything about a special user.
That boring disclaimer aside. What kind of ACLs are you using? In case of
internal (fast) ACLs (like 'src') this doesn't make much sense. In case of
using external (e.g. LDAP group lookups) ACLs you usually have a TTL
(time-to-live) defined on an ACL which tells Squid how many minutes a
certain ACL is "fresh" (still valid). So if an ACL membership/decision is
still stored by Squid then the user will be determined to be in a certain
category until the TTL expires and the information is queried once again.
Temporarily set the TTL to a very low value and see if it fixes your
problem.
> Of course once they leave the site they can't get back in though until
> after 6PM.
Sorry, this sounds wrong. How should Squid know if the user "leaves the
site"?
Perhaps you can elaborate.
Kindly
Christoph
-- Never trust a system administrator who wears a tie and suit.Received on Tue Jan 10 2006 - 13:16:28 MST
This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST