LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-29-2004, 10:41 PM   #1
kemplej
Member
 
Registered: Dec 2003
Posts: 235

Rep: Reputation: 30
Squid ACL Question


I have a box running squid2.6stable at a customer's site. We currently use ncsa username/passwords to track users' sites. However they are now wanting to completely block internet access from 8pm to 8 am. How would I go about doing this?
 
Old 08-02-2004, 07:51 PM   #2
slidesystems
LQ Newbie
 
Registered: Aug 2004
Location: nigeria
Distribution: redhat
Posts: 6

Rep: Reputation: 0
hello,
plz i am trying to configure bandwith management and squid on linux machine. i dont want browsing bandwith to chop into call bandwith. need help on how to shape bandwith between the two and how to get squid well configured.
regards.

kaazzman@yahoo.com
 
Old 08-02-2004, 08:22 PM   #3
Ankheg
Member
 
Registered: Jul 2004
Location: Woodland Hills, CA
Distribution: Debian/Mandrake
Posts: 37

Rep: Reputation: 15
Learning as I go here...

An excerpt from squid.conf under the ACL tag information...
Code:
#       acl aclname time     [day-abbrevs]  [h1:m1-h2:m2]
#           day-abbrevs:
#               S - Sunday
#               M - Monday
#               T - Tuesday
#               W - Wednesday
#               H - Thursday
#               F - Friday
#               A - Saturday
#           h1:m1 must be less than h2:m2
I believe this combined with http_access is what you're looking for.

So, if you were to add these line (in the appropriate area, probably by the rest of the acl/http_access tags, after any specific allow designations, is my guess):
Code:
acl 8to8http time MTWHF 20:00-8:00
http_access 8to8http deny
I think that might be exactly what you're looking for. This is assuming you only want access during business hours...but you can probably see that it'd be easy to add/remove days and adjust times given this information.

As I understand it: The acl is an "access list" tag that can be defined in a large number of ways, with the time method being what you need in this specific instance. The http_access tag is simply a tag that will take the form of: http_access <previously defined acl> allow|deny.

Again, I must state that I really don't know here, but in the time I was looking at documentation and at the squid.conf itself (this is incredibly well documented compared to most config files), but I think this is along the lines of what you need.
 
Old 08-02-2004, 08:24 PM   #4
Ankheg
Member
 
Registered: Jul 2004
Location: Woodland Hills, CA
Distribution: Debian/Mandrake
Posts: 37

Rep: Reputation: 15
Oh...

I guess the other quick and dirty way to get this done might be a cron job that would swap out /etc/hosts.allow and /etc/hosts.deny... However, I would only use that as a last resort since that seems not only very hackish, but potentially dangerous to do. But the option would be there, I suppose.
 
Old 08-03-2004, 08:22 AM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
@slidesystems:
Please do not post the same question in mulitple forums. Select the most relevant forum and post a single thread there. Also, please start your own new threads rather than asking your questions in another users thread as this can prevent users from getting replies to their questions and is considered poor forum ettiquette. Thank you.
-CC
 
Old 08-03-2004, 10:56 AM   #6
Ankheg
Member
 
Registered: Jul 2004
Location: Woodland Hills, CA
Distribution: Debian/Mandrake
Posts: 37

Rep: Reputation: 15
Man oh man I must have been brain fried yesterday...

When I actually thought about it after I went home, the more I realized that the hosts.allow/hosts.deny thing is something that was just stupid... Please ignore that post.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid acl help cgelectek Linux - Networking 3 11-10-2005 11:04 PM
do i need to ACL in squid.conf... razan Linux - Security 2 04-20-2005 06:42 AM
SQUID: ACL question razametal Linux - Software 1 09-18-2003 07:18 AM
Squid ACL dfctve_end_user Linux - Networking 2 01-13-2003 09:30 AM
Help me in Configuring Squid ACL tina_gora Linux - Networking 0 05-22-2001 02:31 AM


All times are GMT -5. The time now is 01:52 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration