No go. The first part has to be a source, and webmail is not a source,
it's a destination.
I tried the following with still no go. Without adding ! Statements on
each ACL pass rule then allows full access....what I need is like below,
but for it to start with the first ACL "CanUseWebmail" and if part of
that source group, apply that ACL, then move on to the next. The final
step resulting in the default rule which blocks all the bad stuff and if
nothing gets tagged as bad, does the "all" function. I hope I am
explaining this correctly...i'm in a tight jamn here.
acl {
CanUseWebmail {
pass mail webmail
redirect
http://localhost/errors/aclerror.php?clientaddr=%a&clientname=%n&clientu
ser=%i&clientgroup=%s&url=%u&targetgroup=%t
}
CanUseInstantMessaging {
pass instantmessaging
redirect
http://localhost/errors/aclerror.php?clientaddr=%a&clientname=%n&clientu
ser=%i&clientgroup=%s&url=%u&targetgroup=%t
}
default {
pass !ads !adult !aggressive !antispyware !artnudes !banking
!beerliquorinfo !beerliquorsale !cellphones !chat !childcare !clothing
!culinary !customblocked !dating !dialers !drugs !ecommerce
!frencheducation !gambling !government !hacking !homerepair
!instantmessaging !jewelry !jobsearch !kidstimewasting !mail !naturism
!onlineauctions !onlinegames !onlinepayment !personalfinance !phishing
!porn !proxy !radio !religion !ringtones !sexuality !spyware !vacation
!violence !virusinfected !warez !weapons !webmail all
}
- Nick
-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 11, 2006 4:14 PM
To: Nick Duda
Cc: [email protected]
Subject: Re: [squid-users] Need help with a unique squidGuard setup
ons 2006-10-11 klockan 15:57 -0400 skrev Nick Duda:
> acl {
> CanUseWebmail {
> pass mail webmail !instantmessaging all
> redirect
> http://localhost/errors/aclerror.php?clientaddr=%a&clientname=%n&clien
> tu ser=%i&clientgroup=%s&url=%u&targetgroup=%t
> }
I think you need to switch the logics around here..
webmail {
pass CanUseWebmail
redirect ...
}
and similarly for the other destination groups. This changes the
configuration from restricting what sites each group of users may access
to restricting which users may access each group of sites, making it
easier to build permissive rules where the allowed access is the sum of
all rights.
Regards
Henrik
---------------------
Confidentiality note
The information in this email and any attachment may contain confidential and
proprietary information of VistaPrint and/or its affiliates and may be
privileged or otherwise protected from disclosure. If you are not the intended
recipient, you are hereby notified that any review, reliance or distribution by
others or forwarding without express permission is strictly prohibited and may
cause liability. In case you have received this message due to an error in
transmission, please notify the sender immediately and delete this email and
any attachment from your system.
---------------------
