ACL in Squid Server

Koshal · 01-17-2012, 04:56 PM

Hi
I have configured Squid server on RHEL05. All is well, make ACL for all users. But I want to allow some social site (not all sites)on perticular person (for managers and some senior person) or IP's.

Thanks in advance

bathory · 01-18-2012, 12:27 AM

Hi,

Assuming you already have an ACL for the social sites (e.g. acl social_sites), you can use

Code:

...
acl managers x.x.x.x y.y.y.y

#put before any other http_access
http_access allow managers social_sites
http_access ...

Regards

Koshal · 01-18-2012, 01:54 PM

Hi Bathory,
I want to make ACL for many manager or many IPs not one

bathory · 01-18-2012, 02:22 PM

Hi,

In the example above I've used 2 IPs, but you can add as many IPs as you like (or even subnets), like this:

Code:

acl managers 1.1.1.1 2.2.2.2 3.3.3.0/27

You can take a look at the acl src syntax here

Regards

deep27ak · 01-19-2012, 03:46 AM

for allowing few sites to some managers

Code:

acl managers src 192.168.0.100 192.168.0.101
acl goodsites dstdomain .yahoo.com
http_access allow  goodsites
http_access deny all
http_access allow managers

bathory · 01-19-2012, 07:15 AM

Quote:

Originally Posted by deep27ak

for allowing few sites to some managers

Code:

acl managers src 192.168.0.100 192.168.0.101
acl goodsites dstdomain .yahoo.com
http_access allow  goodsites
http_access deny all
http_access allow managers

This is not going to work, as the "http_access allow managers" is after the "http_access deny all", so it will not be evaluated

Cheers

deep27ak · 01-19-2012, 07:32 AM

apologies

this should be the syntax

Code:

acl managers src 192.168.0.100 192.168.0.101
http_access allow managers

acl goodsites dstdomain .yahoo.com
http_access allow  goodsites
http_access deny all

Koshal · 01-19-2012, 06:02 PM

Quote:

Originally Posted by bathory

Hi,

In the example above I've used 2 IPs, but you can add as many IPs as you like (or even subnets), like this:

Code:

acl managers 1.1.1.1 2.2.2.2 3.3.3.0/27

You can take a look at the acl src syntax here

Regards

Thanks Bathory for that.

But I want ask to you one thing

I made ACL, deny for all user like orkut facebook youtube gmail naukari songs movies games etc.

But I want to allow only gmail and youtube on some IP's. Please tell me How can do this ???????????

Thanks

bathory · 01-20-2012, 12:46 AM

Hi,

You can make other acls, like:

Code:

acl special_url dstdomain .gmail.com .youtube.com
acl special_ips src 1.1.1.1 2.2.2.2

and add before any other http_acces:

Code:

http_acces allow special_url special_ips 
...

You need to remember that http_acces is evaluated from top to bottom, so when squid finds the 1st match it stops evaluation. BTW you can find more examples in the bottom of the page in the link in my previous post

Regards

Koshal · 01-23-2012, 02:16 AM

Thank You So Much

Regards,
Raghu

Satyaveer Arya · 01-23-2012, 03:07 AM

Or you can do like this:

Quote:

acl managers src <IP_address_of_managers>
acl local dstdomain <destination_domain_name>
http_access allow managers local

dstdomain names like .yahoo.com, .google.com