[CentOS] How to limit a user to access a few sites.

Tue Mar 27 07:28:35 UTC 2007
Indunil Jayasooriya <indunil75 at gmail.com>

Hi,


>
> I think you probably need to combine a few rules together.
> Consider the following
>
> acl ncsa_users proxy_auth REQUIRED
> acl ip_users external ip_user %SRC %LOGIN %DST

> acl ALLOWED_DOMAINS url_regex -i google.com bbc.com cnn.com
>
> http_access deny !ncsa_users
> http_access deny !ip_users
> http_access allow ip_users ALLOWED_DOMAINS
> http_access allow ncsa_users ALLOWED_DOMAINS
> http_access deny all

These rules say that ALL the ips have access to google.com bbc.com cnn.com.

That is not what I want.

This is my scenario.

There are about 50 users browsing the internet. 3 users out of those 50
misuse the internet.
So I only want to limit these 3 users.
Let's say their ips are 192.168.101.25, 192.168.101.26, 192.168.101.30

Now I want to limit these 3 users' internet access to google.com
bbc.com cnn.com.
AND, the rest of the users should have access to the whole world.

I wrote the rules below. Please check!

external_acl_type ip_user %SRC %LOGIN /usr/lib/squid/ip_user_check -f /etc/squid/ip.conf

acl ncsa_users proxy_auth REQUIRED
acl ip_users external ip_user %SRC %LOGIN

acl clientips src 192.168.101.25 92.168.101.26 192.168.101.30
acl allowedsites url_regex -i "/etc/squid/allowedsites.txt"

http_access deny !ncsa_users
http_access deny !ip_users
http_access allow ip_users clientips
http_access allow ip_users allowedsites
http_access allow ncsa_users clientips
http_access allow ncsa_users allowedsites
http_access deny clientips

My /etc/squid/allowedsites.txt is like this:
[root@worldnet ~]# cat /etc/squid/allowedsites.txt
google.com
bbc.com
cnn.com


But it still does not work.

Please help me to solve this issue.



> Basically, a new ACL was added and the corresponding http_access test,
> it will only
>
> (a) be allowed IF it fulfilled the test of being an ip_users and going
> to a domain as defined in the ALLOWED_DOMAINS acl
>
> ~ or ~
>
> (b) be allowed IF it fulfilled the test of being an ncsa_users and going
> to a domain as defined in the ALLOWED_DOMAINS acl
>
> Hope this helps.


-- 
Thank you
Indunil Jayasooriya
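
Added example, not part of the original message and not Squid's own code: a small Python model of how Squid evaluates http_access lines (ACLs on one line are ANDed, the first line that matches decides, and with no match the default is the opposite of the last line), run over the rules posted above. The request dictionary, the REORDERED rule set, the use of the three IPs as named in the prose, and the assumption that the login and the ip_user helper succeed together are constructs of this example.

```python
import re

# Constructed model of the ACLs in the post; IPs are the three named in the prose.
CLIENT_IPS = {"192.168.101.25", "192.168.101.26", "192.168.101.30"}
ALLOWED_SITES = [re.compile(p, re.I) for p in ("google.com", "bbc.com", "cnn.com")]

def acl_matches(name, req):
    """Evaluate one ACL name against a request; a leading '!' negates it."""
    if name.startswith("!"):
        return not acl_matches(name[1:], req)
    if name == "all":
        return True
    if name == "clientips":                      # acl ... src
        return req["src"] in CLIENT_IPS
    if name == "allowedsites":                   # acl ... url_regex -i
        return any(p.search(req["url"]) for p in ALLOWED_SITES)
    if name in ("ncsa_users", "ip_users"):       # assumption: login and helper succeed together
        return req["authenticated"]
    raise KeyError(name)

def http_access(rules, req):
    """Return the action of the first rule whose ACLs all match (logical AND)."""
    for action, *acls in rules:
        if all(acl_matches(a, req) for a in acls):
            return action
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "allow" if rules[-1][0] == "deny" else "deny"

POSTED = [  # the http_access lines from the message, in order
    ("deny", "!ncsa_users"),
    ("deny", "!ip_users"),
    ("allow", "ip_users", "clientips"),
    ("allow", "ip_users", "allowedsites"),
    ("allow", "ncsa_users", "clientips"),
    ("allow", "ncsa_users", "allowedsites"),
    ("deny", "clientips"),
]

# Hypothetical reordering (not from the thread): restrict first, then allow, then deny all.
REORDERED = [
    ("deny", "!ncsa_users"),
    ("deny", "!ip_users"),
    ("deny", "clientips", "!allowedsites"),
    ("allow", "ncsa_users", "ip_users"),
    ("deny", "all"),
]

def request(src, url, authenticated=True):
    return {"src": src, "url": url, "authenticated": authenticated}
```

Under this model a request from one of the three IPs to any URL is allowed by the third POSTED line, so the final "deny clientips" line is never reached for an authenticated client.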