Re: [squid-users] Help me: Multiple ACLs in Squid Proxy v 3.0

Sat, 10 Sep 2011 19:57:16 -0700 

On 10/09/11 19:03, Kumar P wrote:

HI dear,

I am Kumar, Here is my Squid configuration file. ( Squid v.3.0 )

I would like to give specific users access to specific web content,
But through this configuration file, if I give permission for a
specific user to access the tutorial, social networking is blocked but
movie is accessible. Even if I grouped allow and deny separately and
checked, the same problem continues; I can't grant access to the
tutorial but still block access to movies.
Sure you can. Squid access controls are at heart a list of boolean statements. Which can describe any property of the request in any combination of any order.
You are just committing the newbies mistake of only using one property per decision. This is how the ACLs actually work: 
http://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes



acl localnet src 10.1.1.0/24
acl special src "/etc/squid/special.txt" # All Access IPs
acl unlimited src "/etc/squid/unlimited.txt"        # Full Download access

acl allow_proxy src "/etc/squid/allow_proxy.txt"    # Allow Proxy sites
acl allow_social src "/etc/squid/allow_social.txt"  # Allow Social networking

acl allow_tutorial src "/etc/squid/allow_tutorial.txt"  # Allow Tutorial

acl allow_movie src "/etc/squid/allow_movie.txt"    # Allow Jobs
acl allow_jobs src "/etc/squid/allow_jobs.txt"      # Allow Movie

#Allow / Block
acl goodkey url_regex "/etc/squid/goodkey.txt"

acl proxy url_regex "/etc/squid/proxy.txt"
acl social url_regex "/etc/squid/social.txt"
acl tutorial url_regex "/etc/squid/tutorial.txt"
acl movie url_regex "/etc/squid/movie.txt"

acl jobs url_regex "/etc/squid/jobs.txt"

#Download Limit
reply_body_max_size 3000 KB localnet !unlimited
request_body_max_size 3000 KB localnet !unlimited

#Allow
http_access allow special

http_access allow goodkey

#Proxy
http_access allow allow_proxy
http_access deny proxy


Replace with:
 http_access allow allow_proxy proxy



#Social
http_access allow allow_social
http_access deny social


Replace with:
 http_access allow allow_social social



#Tutorial
http_access allow allow_tutorial

http_access deny tutorial


Replace with:
 http_access allow allow_tutorial tutorial



#Movie
http_access allow allow_movie
http_access deny movie



Replace with:
 http_access allow allow_movie movie


#Jobs
http_access allow allow_jobs
http_access deny jobs


Replace with:
 http_access allow allow_jobs jobs



#ACL Allow
http_access allow localnet


Replace with:
 http_access allow localnet !tutorial !jobs !movie




#And finally deny all other access to this proxy
http_access allow localhost


Maybe replace with:
 http_access allow localhost !tutorial !jobs !movie


http_access deny all




Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.15
  Beta testers wanted for 3.2.0.11

Reply via email to