Re: [squid-users] user problem

From: espoire20 <zakariase2002_at_yahoo.fr>
Date: Wed, 15 Jul 2009 03:07:04 -0700 (PDT)

Chris Robertson-2 wrote:
>
> espoire20 wrote:
>> Matt Harrison-3 wrote:
>>
>>> espoire20 wrote:
>>>
>>>> have a small problem with squid in access list, I need to block an IP
>>>> address
>>>> of a machine does not connect to internet even if it has the address of
>>>> the
>>>> proxy and port in the Internet option is that it is possible ?
>>>>
>>>>
>>>> because I have some person who installs firefox mozzila he put the
>>>> address
>>>> of the proxy and the port it connects or it connects with a user of
>>>> another
>>>> person
>>>>
>>>> i use this but not working :
>>>>
>>>> acl user1 src 10.60.6.7
>>>> httpd_access deny user1
>>>>
>>> Try it with
>>>
>>> http_access deny user1
>>>
>>> HTH
>>>
>>> Matt
>>>
>>>
>> excuse me i mean http not httpd but not working
>>
>> I will explain you, I blocked internet for everyone ,if anyone wants
>> internet I add the proxy address and port in the explorer but I need
>> blocked
>> IP address not to access the internet even if it adds proxy ip and port
>> in
>> the explorer
>>
>> what we can do ???
>>
>
> Share the rest of your config (preferably without comments and blank
> lines), or read the FAQ on ACLs
> (http://wiki.squid-cache.org/SquidFaq/SquidAcl). You are likely
> allowing the traffic somewhere before the deny statement.
>
>> many thanks
>>
>
> Chris
>
>
>

this is my all acl that i have in my squid file :

# TAG: acl
acl ntlm proxy_auth REQUIRED

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl test src 10.60.6.7

# TAG: http_access
http_access allow ntlm

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_access deny test

# TAG: icp_access

icp_access allow localnet
icp_access deny all

# TAG: htcp_access

htcp_access allow localnet
htcp_access deny all

i don 't understand why i can't bloque this ip

thank you for your help

-- 
View this message in context: http://www.nabble.com/user-problem-tp24458799p24495056.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Wed Jul 15 2009 - 10:07:07 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 15 2009 - 12:00:03 MDT