-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 18/06/10 15:22, Kris Douglas wrote: > On 18 June 2010 15:10, Simon Greenwood <[email protected]> wrote: >> >> >> On 18 June 2010 14:38, Kris Douglas <[email protected]> wrote: >>> >>> Hello, everyone, at work, I have just bought a foxconn netbox to use >>> as a squid proxy. >>> >>> The scenario is that everyone is looking at world cup stuff, and >>> little is being done. Anyway, we want to to be able to let certain >>> websites be accessible, so I made a whitelist, saved it to >>> /etc/squid/whitelist and I have set it to be allowed in the ACL menu. >>> (I am using webmin to control the configuration), I then made a user >>> "mviron", for the staff and a user madmin for the admins. I have set >>> their passwords and such in the authentication files. I then added >>> that authentication requirement to the squid config file. I allowed >>> our IP ranges access to the internet (10.10.8.0/24) and set the web >>> browser proxy address to the squid box (proxy1). When I tried to load >>> a page, it said access denied and said it was set in the ACL. This is >>> the same for any machine on the network, including the local ubuntu >>> 10.04 squid machine. >>> >>> We basically want the users that login as mviron to only be able to >>> access the whitelist, and users who login as madmin can access the >>> whole of the internet. >>> >>> I'm going to put up a pastebin of the config file: >>> http://pastebin.com/6Dc99Ty1 >>> >>> I would really appreciate if I could get some input on this, I would >>> not be posting here if I wasn't completely stumped, I have read loads >>> of guides and just can not get my head around it. >>> >> >> My squid-fu is very rusty but to me it would be more logical if the >> http_access lines that define the options for the acl started with the >> deny_all line like this: >> http_access deny all >> http_access allow ncsa_mviron_users whitelist >> http_access allow ncsa_madmin_users >> So that you assert that you are denying access to all, then allowing a >> whitelist to mviron_users and then all to madmin_users. >> s/ >> -- >> Save BBC 6 Music http://www.love6music.com >> My CV: http://bit.ly/sfgreenwood_cv >> Linkedin: http://www.linkedin.com/in/simonfgreenwood >> Twitter: @sfgreenwood >> >> -- >> [email protected] >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk >> https://wiki.ubuntu.com/UKTeam/ >> >> > > Haha, it's not just that it's the world cup, the internet is being > hammered, and we need to maintain a suitable call quality, we are > getting the line updated, but the proxy cache should improve it when > pages aren't filtered. > Rather than doing this in Squid, install SquidGuard and/or Dansguardian. These are designed as filters and are much better at applying restrictions than Squid itself.
- -- Ron Wellsted [email protected] http://www.wellsted.org.uk N 52.567623, W 2.136111 Linux Counter No. 202120 Ekiga: 645022 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwbhjcACgkQ8lOfTmhjD3MhQwCeLHon2TIavzpOuLLRa6prTy4y h6wAoIev9ipv+FU5YyBgnjk/b20jZm2B =ERnJ -----END PGP SIGNATURE----- -- [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
