squid configuration

Tibenda · 02-14-2009, 10:27 AM

Hi.
I use ubuntu linux.
I have atransparent proxy server well configured and running.
I have basically denied some type of files and websites from getting accessed, I however want to restrict access to certain websites and to download of certain files to some users and allow access to the same files/websites to other users at the same time.
Currently i block access to all but i would like to put an exception to other users(IPs).
Need some help please.
Thanx

win32sux · 02-14-2009, 11:13 AM

Quote:

Originally Posted by Tibenda

Currently i block access to all but i would like to put an exception to other users(IPs).

To do this you basically just need to use the src ACL with the exception IPs. Then put this into a "http_access allow" rule, while a later "http_access deny" would use the same ACLs minus the src one to match everyone else.

This example would grant access to microsoft.com only for IPs 192.168.1.113-192.168.1.119:

Code:

acl special_users src 192.168.1.113-192.168.1.119
acl special_website dstdomain .microsoft.com
http_access allow special_users special_website
http_access deny special_website

salasi · 02-15-2009, 04:04 AM

...and do note that if some users are clever enough/malaevolent enough and have the access to change their IPs, you might want to consider whether this will really do what you want.

Tibenda · 02-15-2009, 06:00 AM

Quote:

Originally Posted by win32sux

To do this you basically just need to use the src ACL with the exception IPs. Then put this into a "http_access allow" rule, while a later "http_access deny" would use the same ACLs minus the src one to match everyone else.

This example would grant access to microsoft.com only for IPs 192.168.1.113-192.168.1.119:

Code:

acl special_users src 192.168.1.113-192.168.1.119
acl special_website dstdomain .microsoft.com
http_access allow special_users special_website
http_access deny special_website

Hi. Thanx for ur reply
I think it will help me.
I will try it tomorrow when i get back to office where da machines are.
How can i apply the same to files.
Like i have blocked download of some files such as .exe, how can i put the same exception for files in this case.

Thanx alot please.

Tibenda · 02-15-2009, 06:04 AM

Quote:

Originally Posted by salasi

...and do note that if some users are clever enough/malaevolent enough and have the access to change their IPs, you might want to consider whether this will really do what you want.

Hi.
I appreciate querry!
Ist possible to use Mac-Addresses instead of IP addresses in the squid.conf file?
If so, how.
else, do you have/know any other method one could use?

Thanx Big time

win32sux · 02-15-2009, 03:12 PM

Quote:

Originally Posted by Tibenda

How can i apply the same to files.
Like i have blocked download of some files such as .exe, how can i put the same exception for files in this case.

You can use the url_regex and/or rep_mime_type ACL.

Quote:

Ist possible to use Mac-Addresses instead of IP addresses in the squid.conf file?
If so, how.
else, do you have/know any other method one could use?

For working with MAC addresses, use the arp ACL.

Information about all of these is available all over the Web, one example location is here.

your_shadow03 · 02-16-2009, 06:18 AM

How can I restrict user to log-off the internet after 30 mins of usage in my cyber cafe store?

win32sux · 02-16-2009, 07:22 AM

Quote:

Originally Posted by your_shadow03

How can I restrict user to log-off the internet after 30 mins of usage in my cyber cafe store?

You've been here long enough to know that we don't tolerate thread hijacking.

Open a new thread for your question.