I would like to setup squid as follows :
Group 1 users (10.1.1.10 and 10.1.1.11) only able to access 2 URLs
(http://intranet.abc.com/abc and http://apps.intranet.abc.com/abc) and 1
domain (interdept.abc.com)
Group 2 users (10.1.1.12 and 10.1.1.13) only able to access 2 URLs
(http://intranet.abc.com/def and http://apps.intranet.abc.com/def)
Group 3 users (10.1.2.20 and 10.1.2.21) only able to access 2 URLs
(http://intranet.abc.com/xyz and http://apps.intranet.abc.com/xyz)
All 3 groups can access URL http://public.abc.com/abc and domain
public.def.com
All other users in 10.1.1.x and 10.1.2.x are not allow to access anything.
All other users not in the above group (10.1.3.x, 10.1.4.x, etc) can access
everything on the intranet.
Is my following configuration correct:
Thank you.
acl clients-seg-1 src 10.1.1.0/8
acl clients-seg-2 src 10.1.2.0/8
acl common-allow-url url_regex http://public.abc.com/abc
acl common-allow-domain dstdomain public.def.com
http_access deny clients-seg-1 clients-seg-2 !clients-grp1 !clients-grp2
!clients-grp3
acl clients-grp1 src 10.1.1.10 10.1.1.11
acl clients-grp1-allow-domain dstdomain interdept.abc.com
acl clients-grp1-allow-url url_regex http://intranet.abc.com/abc
http://apps.intranet.abc.com/abc
http_access allow clients-grp1 clients-grp1-allow-domain
clients-grp1-allow-url common-allow-url common-allow-domain
http_access deny clients-grp1 !clients-grp1-allow-domain
!clients-grp1-allow-url !common-allow-url !common-allow-domain
acl clients-grp2 src 10.1.1.12 10.1.1.13
acl clients-grp2-allow-url url_regex http://intranet.abc.com/def
http://apps.intranet.abc.com/def
http_access allow clients-grp2 clients-grp2-allow-url common-allow-url
common-allow-domain
http_access deny clients-grp2 !clients-grp2-allow-url !common-allow-url
!common-allow-domain
acl clients-grp3 src 10.1.2.20 10.1.2.21
acl clients-grp3-allow-url url_regex http://intranet.abc.com/xyz
http://apps.intranet.abc.com/xyz
http_access allow clients-grp3 clients-grp3-allow-url common-allow-url
common-allow-domain
http_access deny clients-grp3 !clients-grp3-allow-url !common-allow-url
!common-allow-domain
http_access allow all
_________________________________________________________________
Get the new Windows Live Messenger! http://get.live.com/messenger/overview
Received on Fri May 18 2007 - 06:35:38 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT