Linux - Security | This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
05-18-2006, 02:33 AM | #1 | Member | Registered: May 2006 | Distribution: rhel 4, red hat 9, fedora core 2 | Posts: 51
blocking the user from download between working hours using squid
hi guys,
can anyone tell me how I can block downloading from the internet during working hours? I am using squid with Fedora Core.
from
nesargha
05-18-2006, 09:42 AM | #2 | Senior Member | Registered: Mar 2003 | Distribution: Fedora | Posts: 3,658
I believe you can include "time" in your Squid acls, like:
acl rule1 time MTWHF 8:00-17:00
..
http_access deny rule1
See the squid documentation of the "time" acl for more info.
Alternatively you can use the iptables time match to block outgoing http requests during certain time periods to prevent packets from even reaching the squid proxy. IMHO I'd go with the builtin Squid acls.
05-19-2006, 12:15 AM | #3 | Member | Registered: May 2006 | Distribution: rhel 4, red hat 9, fedora core 2 | Posts: 51 | Original Poster
Thank you capt. caveman, I have made the following changes to my squid.conf file
-------------
acl allowlist1 url_regex -i 192.168
#We want to limit downloads of these type of files
#Put this all in one line
acl denylist2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov
#limit bandwidth during the day
acl day time 09:00-23:59
delay_pools 2
#First delay class (1) of second type (2).
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow allowlist1
#Second delay class (2) of second type (2).
delay_class 2 2
delay_parameters 2 1000/5000 750/4000
delay_access 2 allow day
delay_access 2 deny !day
delay_access 2 allow denylist2
#EOF
-------------------
but this is affecting my local internet traffic, can you just tell me what might be the problem? I have a feeling that the delay_parameters 2 1000/5000 750/4000 might be wrong, I just don't know.
05-19-2006, 10:41 PM | #4 | Senior Member | Registered: Mar 2003 | Distribution: Fedora | Posts: 3,658
What are you trying to do with the following items that I've highlighted in red?
Quote:
Originally Posted by nesargha
[the squid.conf changes from post #3, quoted in full in the original reply]
I'm not at all a squid expert, but I believe what you are doing is throttling all daytime traffic to a horrendously slow rate and blocking all traffic after midnight. The only exception is that URLs that contain 192.168 are allowed unlimited (so this would only apply to a local webserver on your LAN, e.g. http://192.168.0.1/foo). Could you explain what you are trying to do in more detail and maybe we can figure out a proper config.
05-20-2006, 03:02 AM | #5 | Member | Registered: May 2006 | Distribution: rhel 4, red hat 9, fedora core 2 | Posts: 51 | Original Poster
yeah,
basically the problem is that the people who are using the internet in our network are slowing down the net by downloading mp3 songs, movie files etc., so I wanted to make changes to the squid config so that I can prevent these downloads and only allow normal internet use, i.e. email, browsing etc.
acl allowlist1 url_regex -i 192.168.100
here I am not allowing the people to change the IP and at the same time allowing only those that come under the set and try to access, i.e. I have restricted the connections other than those coming in the list.
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow allowlist1
the above tells squid not to give any slower bandwidth to this allowlist1
the following lines
delay_class 2 2
delay_parameters 2 1000/5000 750/4000
the above tell squid to give slower bandwidth to the file downloads, not actually blocking but reducing the speed when they try to download these files
but the problem is I don't know if my config is correct or if there is any other way to do so
05-20-2006, 08:10 PM | #6 | Senior Member | Registered: Mar 2003 | Distribution: Fedora | Posts: 3,658
acl allowlist1 url_regex -i 192.168.100
What this does is match any traffic going to a url that contains the string 192.168.100 (like http://192.168.100.5/foo or http://192.168.100.10/foo/bar/baz). It does *not* match traffic that comes from IP addresses 192.168.100 going to some other IP. The url_regex command simply pulls out regular expressions from the url request string. If you want to give unrestricted access to IPs in 192.168.100.X then just use the src match:
acl allowlist1 src 192.168.100.0/24
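Putting the advice from post #2 (time ACL), post #5 (delay pools) and post #6 (src instead of url_regex) together, as an added squid.conf fragment that is not from anyone in this thread: the LAN range comes from post #6, while the working hours (Mon-Fri 09:00-17:00), the urlpath_regex file-type ACL and the proto FTP ACL are my assumptions.

```conf
# Added example, not from this thread. Assumes LAN 192.168.100.0/24 and
# working hours Mon-Fri 09:00-17:00 (adjust both to your site).

# Who may use the proxy: match the client address, not the URL text (post #6).
acl lan src 192.168.100.0/24

# Working hours. Day letters are M T W H F (H = Thursday), times hh:mm (post #2).
acl workhours time MTWHF 09:00-17:00

# File types to throttle. The dot is escaped and the pattern is anchored to the
# end of the URL path, so "exe" only matches a real .exe file, not any URL that
# happens to contain the letters "exe".
acl bigfiles urlpath_regex -i \.(exe|mp3|vqf|tar\.gz|gz|rpm|zip|rar|avi|mpeg|mpe|mpg|qt|ram|rm|iso|raw|wav|mov)$
acl ftp proto FTP

# Option A (post #2): refuse the downloads outright during working hours.
# Uncomment these two lines and drop the delay pools below.
# http_access deny lan workhours bigfiles
# http_access deny lan workhours ftp

# Option B (post #5): let downloads through but throttle them during working hours.
# Pool 1 is unlimited (class 1: one aggregate bucket, -1 = no limit).
# Pool 2 is class 2: 1000 bytes/s aggregate after a 5000-byte burst, and
# 750 bytes/s per client address after a 4000-byte burst.
# Requests are tried against pool 1 first, then pool 2; the first pool that
# allows the request is the one it is charged to.
delay_pools 2
delay_class 1 1
delay_parameters 1 -1/-1
delay_access 1 allow lan !workhours
delay_access 1 allow lan !bigfiles !ftp
delay_access 1 deny all

delay_class 2 2
delay_parameters 2 1000/5000 750/4000
delay_access 2 allow lan workhours bigfiles
delay_access 2 allow lan workhours ftp
delay_access 2 deny all

# Ordinary browsing and email from the LAN is allowed at full speed; anything
# not from the LAN is refused. The "all" acl is defined in the stock squid.conf.
http_access allow lan
http_access deny all
```

Check the result with `squid -k parse` before reloading; note that throttling (option B) only slows large downloads, it does not stop them, so pick option A if the goal is to block rather than rate-limit.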