LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-17-2012, 05:56 PM   #1
Koshal
LQ Newbie
 
Registered: Jun 2011
Location: New Delhi
Distribution: Redhat and Centos
Posts: 12

Rep: Reputation: Disabled
ACL in Squid Server


Hi
I have configured Squid server on RHEL05. All is well, make ACL for all users. But I want to allow some social site (not all sites)on perticular person (for managers and some senior person) or IP's.

Thanks in advance
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 01-18-2012, 01:27 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,885

Rep: Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608
Hi,

Assuming you already have an ACL for the social sites (e.g. acl social_sites), you can use
Code:
...
acl managers x.x.x.x y.y.y.y

#put before any other http_access
http_access allow managers social_sites
http_access ...
Regards
 
Old 01-18-2012, 02:54 PM   #3
Koshal
LQ Newbie
 
Registered: Jun 2011
Location: New Delhi
Distribution: Redhat and Centos
Posts: 12

Original Poster
Rep: Reputation: Disabled
Question ACL in Squid Server

Hi Bathory,
I want to make ACL for many manager or many IPs not one
 
Old 01-18-2012, 03:22 PM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,885

Rep: Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608
Hi,

In the example above I've used 2 IPs, but you can add as many IPs as you like (or even subnets), like this:
Code:
acl managers 1.1.1.1 2.2.2.2 3.3.3.0/27
You can take a look at the acl src syntax here

Regards
 
1 members found this post helpful.
Old 01-19-2012, 04:46 AM   #5
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: RHEL 7.x, SLES 11 SP2/3/4
Posts: 1,195
Blog Entries: 4

Rep: Reputation: 221Reputation: 221Reputation: 221
for allowing few sites to some managers

Code:
acl managers src 192.168.0.100 192.168.0.101
acl goodsites dstdomain .yahoo.com
http_access allow  goodsites
http_access deny all
http_access allow managers
 
Old 01-19-2012, 08:15 AM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,885

Rep: Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608
Quote:
Originally Posted by deep27ak View Post
for allowing few sites to some managers

Code:
acl managers src 192.168.0.100 192.168.0.101
acl goodsites dstdomain .yahoo.com
http_access allow  goodsites
http_access deny all
http_access allow managers
This is not going to work, as the "http_access allow managers" is after the "http_access deny all", so it will not be evaluated

Cheers
 
2 members found this post helpful.
Old 01-19-2012, 08:32 AM   #7
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: RHEL 7.x, SLES 11 SP2/3/4
Posts: 1,195
Blog Entries: 4

Rep: Reputation: 221Reputation: 221Reputation: 221
apologies

this should be the syntax

Code:
acl managers src 192.168.0.100 192.168.0.101
http_access allow managers

acl goodsites dstdomain .yahoo.com
http_access allow  goodsites
http_access deny all
 
Old 01-19-2012, 07:02 PM   #8
Koshal
LQ Newbie
 
Registered: Jun 2011
Location: New Delhi
Distribution: Redhat and Centos
Posts: 12

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
Hi,

In the example above I've used 2 IPs, but you can add as many IPs as you like (or even subnets), like this:
Code:
acl managers 1.1.1.1 2.2.2.2 3.3.3.0/27
You can take a look at the acl src syntax here

Regards

Thanks Bathory for that.

But I want ask to you one thing

I made ACL, deny for all user like orkut facebook youtube gmail naukari songs movies games etc.

But I want to allow only gmail and youtube on some IP's. Please tell me How can do this ???????????

Thanks
 
Old 01-20-2012, 01:46 AM   #9
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,885

Rep: Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608
Hi,

You can make other acls, like:
Code:
acl special_url dstdomain .gmail.com .youtube.com
acl special_ips src 1.1.1.1 2.2.2.2
and add before any other http_acces:
Code:
http_acces allow special_url special_ips 
...
You need to remember that http_acces is evaluated from top to bottom, so when squid finds the 1st match it stops evaluation. BTW you can find more examples in the bottom of the page in the link in my previous post

Regards

Last edited by bathory; 01-23-2012 at 05:17 AM. Reason: Forgot rules
 
1 members found this post helpful.
Old 01-23-2012, 03:16 AM   #10
Koshal
LQ Newbie
 
Registered: Jun 2011
Location: New Delhi
Distribution: Redhat and Centos
Posts: 12

Original Poster
Rep: Reputation: Disabled
Thank You So Much

Regards,
Raghu
 
Old 01-23-2012, 04:07 AM   #11
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,415

Rep: Reputation: 305Reputation: 305Reputation: 305Reputation: 305
Or you can do like this:

Quote:
acl managers src <IP_address_of_managers>
acl local dstdomain <destination_domain_name>
http_access allow managers local
dstdomain names like .yahoo.com, .google.com
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid proxy server acl saifkasalam Linux - Server 2 08-06-2011 12:57 AM
squid cache proxy server acl rules guideline salimshahzad Linux - Server 1 02-08-2010 11:05 AM
Squid Proxy Server - Cannot Add ACL tzh Linux - Software 1 08-03-2007 02:52 AM
I want to by pass my proxy server's ACL i.e squid aTkAl^^PiTcHu Linux - Software 4 09-06-2006 03:16 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:30 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration