Re: [squid-users] access control issues

From: Dustin <deviousz@dont-contact.us>
Date: Thu, 12 Jan 2006 18:14:30 -0800

Still no answers, what good is this list?

On 1/5/06, Dustin <deviousz@gmail.com> wrote:
> > You don't explain which group is supposed to do what. So I'll guess.
> >
>
> 'Full_InetAllow' has full inet access, 'de_InetAllow' should be
> limited to a few sites.
>
> > This ACL is invalid (I wonder why Squid didn't complain). Either it's
> >
> > acl localnet proxy_auth REQUIRED
> >
> > or
> >
> > acl localnet src 10.100.3.0/24
> >
>
> It works though :)
>
> > >
> > > When I tried the following, squid would not start:
> >
> > Why not? Which errors occur?
> >
>
> Its not bombing out anymore, perhaps the server reboot changed that.
>
> > > acl de_urls dstdomain .fedex.com .ups.com
> > > acl de_InetAllow external win_domain_group Web_access_dataentry
> > > http_access allow de_InetAllow de_urls
> > > http_access deny all
> >
> > This would mean you allow access to the de_urls for members of the
> > Web_access_dataentry group. Everyone else is denied access.
>
>
> Yes, that is what I'd like to accomplish, limit the sites which this
> group 'de_InetAllow' can access.
>
> I just tried this but did not work either:
>
> ==
> acl localnet proxy_auth REQUIRED
> acl de_urls dstdomain .fedex.com .ups.com
> acl de_InetAllow external win_domain_group Web_access_dataentry
> http_access allow de_InetAllow de_urls
> acl Full_InetAllow external win_domain_group Web_access_full
> http_access allow Full_InetAllow
> ==
>
> FYI, I am still able to go anywhere w/ a user in the 'Full_InetAllow' group.
>
> Any ideas?
>
> -Dustin
>
Received on Thu Jan 12 2006 - 19:14:38 MST

This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST