Hi,
I am now running squid with ncsa_auth.
I have bound ip addresses to usernames. So users now can access Internet from their ips.
Now I want to prevent a few users from accessing all the sites. Instead, I want to allow them to access a few sites such as google.com, cnn.com, bbc.com. I want to limit them in that way.
I have written the rules below. But those users can still access all the sites.
external_acl_type ip_user %SRC %LOGIN %DST /usr/lib/squid/ip_user_check -f /etc/squid/ip.conf
acl ncsa_users proxy_auth REQUIRED
acl ip_users external ip_user %SRC %LOGIN %DST
http_access deny !ncsa_users
http_access deny !ip_users
http_access allow ip_users
http_access allow ncsa_users
My ip.conf file is like this.
[root@worldnet squid]# cat /etc/squid/ip.conf
192.168.101.25 indunil .google.com .bbc.com .cnn.com
192.168.101.90 www90
According to the above file, user indunil with IP address 192.168.101.25 has access to google.com, bbc.com and cnn.com. But the user indunil still has access to all the sites.
How can I solve this?
Indunil Jayasooriya wrote:
Hi,
I am now running squid with ncsa_auth.
I have bound ip addresses to usernames. So users now can access Internet from their ips.
Now I want to prevent a few users from accessing all the sites. Instead, I want to allow them to access a few sites such as google.com, cnn.com, bbc.com. I want to limit them in that way.
I have written the rules below. But those users can still access all the sites.
For this kind of control, I use Squidguard. However, Squidguard does control computers, not users (though in practice, I don't think one can reliably control users).
On Mon, 2007-03-26 at 13:59 +0530, Indunil Jayasooriya wrote:
Hi,
I am now running squid with ncsa_auth.
I have bound ip addresses to usernames. So users now can access Internet from their ips.
Now I want to prevent a few users from accessing all the sites. Instead, I want to allow them to access a few sites such as google.com, cnn.com, bbc.com. I want to limit them in that way.
I have written the rules below. But those users can still access all the sites.
external_acl_type ip_user %SRC %LOGIN %DST /usr/lib/squid/ip_user_check -f /etc/squid/ip.conf
acl ncsa_users proxy_auth REQUIRED
acl ip_users external ip_user %SRC %LOGIN %DST
http_access deny !ncsa_users
http_access deny !ip_users
http_access allow ip_users
http_access allow ncsa_users
My ip.conf file is like this.
[root@worldnet squid]# cat /etc/squid/ip.conf
192.168.101.25 indunil .google.com .bbc.com .cnn.com
192.168.101.90 www90
According to the above file, user indunil with IP address 192.168.101.25 has access to google.com, bbc.com and cnn.com. But the user indunil still has access to all the sites.
How can I solve this?
I think you probably need to combine a few rules together. Consider the following
acl ncsa_users proxy_auth REQUIRED
acl ip_users external ip_user %SRC %LOGIN %DST
acl ALLOWED_DOMAINS url_regex -i google.com bbc.com cnn.com
http_access deny !ncsa_users
http_access deny !ip_users
http_access allow ip_users ALLOWED_DOMAINS
http_access allow ncsa_users ALLOWED_DOMAINS
http_access deny all
Basically, a new ACL was added, along with the corresponding http_access test; it will only
(a) be allowed IF it fulfilled the test of being an ip_users and going to a domain as defined in the ALLOWED_DOMAINS acl
~ or ~
(b) be allowed IF it fulfilled the test of being an ncsa_users and going to a domain as defined in the ALLOWED_DOMAINS acl
Hope this helps.
Hi,
I think you probably need to combine a few rules together. Consider the following
acl ncsa_users proxy_auth REQUIRED
acl ip_users external ip_user %SRC %LOGIN %DST
acl ALLOWED_DOMAINS url_regex -i google.com bbc.com cnn.com
http_access deny !ncsa_users
http_access deny !ip_users
http_access allow ip_users ALLOWED_DOMAINS
http_access allow ncsa_users ALLOWED_DOMAINS
http_access deny all
These rules say that ALL the IPs have access to google.com bbc.com cnn.com.
That is not what I want.
This is my scenario.
There are about 50 users browsing the Internet. 3 users out of those 50 misuse the Internet. So I only want to limit these 3 users. Let's say their IPs are 192.168.101.25, 192.168.101.26, 192.168.101.30
Now I want to limit these 3 users' Internet access to google.com bbc.com cnn.com. AND, the rest of the users should have access to the whole world.
I wrote the rules below. Please check!
external_acl_type ip_user %SRC %LOGIN /usr/lib/squid/ip_user_check -f /etc/squid/ip.conf
acl ncsa_users proxy_auth REQUIRED
acl ip_users external ip_user %SRC %LOGIN
acl clientips src 192.168.101.25 92.168.101.26 192.168.101.30
acl allowedsites url_regex -i "/etc/squid/allowedsites.txt"
http_access deny !ncsa_users
http_access deny !ip_users
http_access allow ip_users clientips
http_access allow ip_users allowedsites
http_access allow ncsa_users clientips
http_access allow ncsa_users allowedsites
http_access deny clientips
My /etc/squid/allowedsites.txt is like this.
[root@worldnet ~]# cat /etc/squid/allowedsites.txt
google.com
bbc.com
cnn.com
But it still does not work.
Please help me to solve this issue.
Basically, a new ACL was added, along with the corresponding http_access test; it will only
(a) be allowed IF it fulfilled the test of being an ip_users and going to a domain as defined in the ALLOWED_DOMAINS acl
~ or ~
(b) be allowed IF it fulfilled the test of being an ncsa_users and going to a domain as defined in the ALLOWED_DOMAINS acl
Hope this helps.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
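Added example (not part of the original thread, and not Squid's own code): a small Python model of how http_access lines are evaluated, run against the second rule set posted above and against one reordering that gives the policy described there. Treating ncsa_users and ip_users as a single "authenticated" check, the constructed user name and URLs, and the dstdomain-style host match in the reordered list are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

SITES = ("google.com", "bbc.com", "cnn.com")

def authed(r):                      # stands in for ncsa_users and ip_users (assumption)
    return r["user"] is not None

def src(*ips):                      # models "acl NAME src ..."
    return lambda r: r["src"] in ips

def url_regex(r):                   # unanchored: matches anywhere in the URL
    return any(re.search(p, r["url"], re.I) for p in SITES)

def dstdomain(r):                   # host is the domain itself or a subdomain of it
    host = (urlsplit(r["url"]).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in SITES)

def neg(acl):                       # models "!NAME"
    return lambda r: not acl(r)

def evaluate(rules, r):
    # The first matching line decides; ACLs on one line are ANDed.
    for action, acls in rules:
        if all(a(r) for a in acls):
            return action
    # Nothing matched: Squid applies the opposite of the last line.
    return "allow" if rules[-1][0] == "deny" else "deny"

# Rule set from the post (duplicate ncsa_users/ip_users lines collapsed,
# addresses copied exactly as written there).
posted_ips = src("192.168.101.25", "92.168.101.26", "192.168.101.30")
POSTED = [("deny", [neg(authed)]),
          ("allow", [authed, posted_ips]),   # the three clients match here, any site
          ("allow", [authed, url_regex]),
          ("deny", [posted_ips])]            # never reached for those clients

# One ordering that yields the stated policy (this example's assumption).
clientips = src("192.168.101.25", "192.168.101.26", "192.168.101.30")
REORDERED = [("deny", [neg(authed)]),
             ("allow", [clientips, dstdomain]),  # limited clients: listed sites only
             ("deny", [clientips]),              # ...and nothing else
             ("allow", [authed]),                # everyone else: unrestricted
             ("deny", [])]                       # http_access deny all

def decide(rules, ip, url, user="constructed-user"):
    return evaluate(rules, {"src": ip, "url": url, "user": user})
```

The model also shows that an unanchored url_regex pattern such as google.com matches a URL that merely contains that string in its path or query, which a host-based match does not.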