Quote:
Originally Posted by andycol
so what should i do?
sorry new to squid
|
Like I said earlier, these things are processed from top to bottom. You need to make sure things are in the proper order. If you apply the same style you used for the other lines, you'd end up with:
Code:
acl banned_porn url_regex -i "/etc/squid/banned.porn"
http_access deny banned_porn
acl banned_domain dstdom_regex -i "/etc/squid/banned.domain"
http_access deny banned_domain
acl banned_filetypes urlpath_regex -i "/etc/squid/banned.filetypes"
http_access deny banned_filetypes
acl my_special_users src 192.168.0.228-192.168.0.230
http_access allow my_special_users
acl our_networks src 192.168.0.0/16
http_access allow our_networks
But if the idea is to prevent 192.168.0.228-192.168.0.230 from having their access filtered, you'd need to stick that chunk above the banning ACLs, like:
Code:
acl my_special_users src 192.168.0.228-192.168.0.230
http_access allow my_special_users
acl banned_porn url_regex -i "/etc/squid/banned.porn"
http_access deny banned_porn
acl banned_domain dstdom_regex -i "/etc/squid/banned.domain"
http_access deny banned_domain
acl banned_filetypes urlpath_regex -i "/etc/squid/banned.filetypes"
http_access deny banned_filetypes
acl our_networks src 192.168.0.0/16
http_access allow our_networks
This way, they wouldn't be affected by any of the access restrictions.
If, on the other hand, you only wished for them to bypass one of the ACLs, then just tweak the order:
Code:
acl banned_porn url_regex -i "/etc/squid/banned.porn"
http_access deny banned_porn
acl banned_filetypes urlpath_regex -i "/etc/squid/banned.filetypes"
http_access deny banned_filetypes
acl my_special_users src 192.168.0.228-192.168.0.230
http_access allow my_special_users
acl banned_domain dstdom_regex -i "/etc/squid/banned.domain"
http_access deny banned_domain
acl our_networks src 192.168.0.0/16
http_access allow our_networks
In this example, 192.168.0.228-192.168.0.230 wouldn't have any domain restrictions enforced on them, but they would still be subject to your porn URL and file type restrictions.