Duane (and others) thanks for your replies.
Duane Wessels wrote:
>
> Richard van Drimmelen writes:
>
> >Dear squid users,
> >
> >
> >In our institute I see that one specific PC in a student room is used a
> >lot for browsing 'nudies'. I'd like to restrict this browsing by
> >combining three acl's, based on:
> >
> > - the IP address/subnetmask of the PC
> > - the various sites visited,
> > - browsing time (disallowed between MON-FRI 09:00-17:00)
> >
> >What I've tried:
> >
> > acl STUDENT_PC src x.x.x.x/255.255.255.255
> > acl DIRTY_LITTLE_BASTARD dstdom_regex site1 site2 site3 site4
> > acl COME_BACK_LATER MTWHF 09:00-17:00
> >
> > http_access allow STUDENT_PC
> > http_access deny DIRTY_LITTLE_BASTARD
> > http_access deny COME_BACK_LATER
>
> The first one is matched, so the request is allowed. The other two lines
> are never consulted.
>
> >
> >I still get connected. Also tried:
> >
> > http_access allow COME_BACK_LATER
>
> Try putting them on the same line:
>
> http_access deny STUDENT_PC DIRTY_LITTLE_BASTARD COME_BACK_LATER
>
> put it at the top (or near) of your http_access lines.
>
> Duane W.
The first "http_access deny STUDENT_PC" is matched -> PC is completely
banned from browsing ALL the time ?????
This is not what I want. The PC should have access to the net (http,
ftp, etc.) but 'certain sites' should be browsed in their own time.
--
Richard van Drimmelen | email: [EMAIL PROTECTED]
System Management Research | phone: +31 20 5121899
The Netherlands Cancer Institute, Amsterdam | fax: +31 20 5121893
