controlling web access with squid's acl

18 years 2 months ago #16639 by monsky
hi to all,

Aside from the default configuration in squid.conf, I inserted these lines to control web access. I have the "iplist" file, a list of IPs to be excluded, and the "blockyahoo" file, a list of Yahoo domains to be blocked at a certain time.

acl our_networks src 192.168.0.0/24
acl exceptionip src "etc/squid/iplist"
acl break_time time M T W H F A 12:00-13:00
acl blockyahoo srcdomain "/etc/squid/blockyahoo"
http_access allow our_networks break_time
http_access allow blockyahoo break_time
http_access allow exceptionip
http_access allow localhost
http_access deny all


Here is the problem: there are IPs that are being blocked and there are IPs that seem not to be affected by the ACL. The IPs are obtained from the dhcpd server in FC4.

Any idea what you think I missed?

tnx again
18 years 2 months ago #16648 by DaLight
I can spot an error in the blockyahoo acl. You used "srcdomain" instead of "dstdomain". I assume you want to block access to yahoo domains rather than from them.
I assume you also know that Squid exits the access list when a match is made. That means that any IPs in the "exceptionip" acl which are also in the "our_networks" acl will still only be able to gain access during "break_time".
Hope this helps.
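
An added example, not part of the thread and not Squid's own code: a small Python model of how the http_access lines from the first post are evaluated, assuming Squid's rules that every ACL named on one line must match and that the first matching line decides. The list contents, host names and dates are constructed, and `yahoo_key` is a hypothetical switch that models srcdomain versus dstdomain.

```python
import ipaddress
from datetime import datetime

# Constructed stand-ins: the thread does not show the contents of either file.
EXCEPTION_IPS = {"192.168.0.10"}      # stands in for /etc/squid/iplist
YAHOO_DOMAINS = (".yahoo.com",)       # stands in for /etc/squid/blockyahoo
OUR_NET = ipaddress.ip_network("192.168.0.0/24")

def in_domains(host):
    # ".yahoo.com" covers yahoo.com itself and every subdomain.
    return any(("." + host.lower()).endswith(d) for d in YAHOO_DOMAINS)

def acl_match(name, req, yahoo_key="src_host"):
    """Evaluate one named ACL. yahoo_key="src_host" models srcdomain (the
    client's reverse-DNS name); "dst_host" models dstdomain."""
    if name == "our_networks":
        return ipaddress.ip_address(req["src"]) in OUR_NET
    if name == "exceptionip":
        return req["src"] in EXCEPTION_IPS
    if name == "break_time":  # M T W H F A = Monday..Saturday; modelled as 12:00-12:59
        return req["when"].weekday() <= 5 and req["when"].hour == 12
    if name == "blockyahoo":
        return in_domains(req[yahoo_key])
    if name == "localhost":
        return req["src"] == "127.0.0.1"
    return name == "all"

# The http_access lines from the first post, in order.
RULES = [("allow", ["our_networks", "break_time"]),
         ("allow", ["blockyahoo", "break_time"]),
         ("allow", ["exceptionip"]),
         ("allow", ["localhost"]),
         ("deny", ["all"])]

def decide(req, yahoo_key="src_host"):
    """Return (action, line_number) of the first line whose ACLs all match."""
    for number, (action, names) in enumerate(RULES, 1):
        if all(acl_match(n, req, yahoo_key) for n in names):
            return action, number
    return "deny", None  # not reached here: "deny all" always matches

def request(src, hour, day=1):
    # Constructed request: 2006-03-01 is a Wednesday, 2006-03-05 a Sunday.
    return {"src": src, "src_host": "pc.lan.example", "dst_host": "mail.yahoo.com",
            "when": datetime(2006, 3, day, hour, 30)}

if __name__ == "__main__":
    for src, hour in [("192.168.0.50", 12), ("192.168.0.50", 15), ("192.168.0.10", 15)]:
        print(src, f"{hour}:30", decide(request(src, hour)))
```

The number in each result is the http_access line that decided the request, which is the first thing to check when a client gets more or less access than expected.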
18 years 2 months ago #16680 by monsky
tnx dalight,

I'll check the blockyahoo acl. Yes, my objective is to give access only at break time.

But there are IPs that could still browse even though they are not included in the iplist exemption file.
18 years 2 months ago #16688 by DaLight

> tnx dalight,
> But there are IPs that could still browse even though they are not included in the iplist exemption file.

If you have not locked down all access to the internet at the IP level using some sort of egress filtering scheme/firewall (e.g. iptables), then PCs will always be able to bypass your Squid proxy. You need to ensure that all clients have to go through the Squid proxy in order to access the internet. Provide some more details about your network if you need more help.
18 years 2 months ago #16716 by monsky
I have DansGuardian installed and transparently proxied. All works well; I just want to add time-based web access control. If you can give me another method aside from Squid, I'm going to try it. I just want to have control over the time usage.
18 years 2 months ago #16816 by Elohim
What rule did you insert in IPtables?