On Thursday 05 January 2006 01:09, Dustin wrote: > I need to give limited access to a few web sites to one group, then > denying access to all else for that group. Another group will have > full internet access.
You don't explain which group is supposed to do what. So I'll guess. > From the faq, it seems as though this config > should work, but it doesn't: > > acl localnet proxy_auth REQUIRED src 10.100.3.0/24 This ACL is invalid (I wonder why Squid didn't complain). Either it's acl localnet proxy_auth REQUIRED or acl localnet src 10.100.3.0/24 > acl Full_InetAllow external win_domain_group Web_access_full > http_access allow Full_InetAllow > > acl de_urls dstdomain .fedex.com > acl de_InetAllow external win_domain_group Web_access_dataentry > http_access allow de_InetAllow de_urls > > When I tried the following, squid would not start: Why not? Which errors occur? > acl de_urls dstdomain .fedex.com .ups.com > acl de_InetAllow external win_domain_group Web_access_dataentry > http_access allow de_InetAllow de_urls > http_access deny all This would mean you allow access to the de_urls for members of the Web_access_dataentry group. Everyone else is denied access. Perhaps you can clarify. Christoph -- Never trust a system administrator who wears a tie and suit.
