Re: [squid-users] Filter by time and white-black lists

Mon, 21 Jan 2013 05:23:46 -0800 

Although Squid ACLs can do almost anything they are not the simplest
thing to configure.  A URL redirector like ufdbGuard offloads work from Squid
and can do the same thing using a more intuitive configuration:

source admin {
   ip 10.77.88.47
}
source managers {
   ip 10.77.88.42-10.77.88.46
}
source classroom {
   ip 10.77.88.1-10.77.88.41
}
category whitelist01 {
   domainlist ".../whitelist01/domains"
}
category blacklist01 {
   domainlist ".../blacklist01/domains"
}
time workinghours {
   weekly mon,tue,wed,thu,fri 09:00 - 17:00
}
acl {
   admin { pass any }
   managers within workinghours { pass whitelist01 none } else { pass none }
   classroom within workinghours { pass !blacklist01 any } else { pass none }
   default { pass none }
}

Marcus


On 01/21/2013 07:33 AM, Helmut Hullen wrote:

Hallo, Artur,

Du meintest am 21.01.13:


I've tried many times and I can not do it, please help :(



I have 2 classrooms total 40 PC's
  +5 manager PC's
  +1 administrator
So IP range is
10.77.88.1-10.77.88.41 - for classroom
10.77.88.42-10.77.88.46 - for managers
10.77.88.47 - admin



Task:
1)Internet only for this 46 hosts 10.77.88.1-10.77.88.47
2)Classroom and managers can access internet only workdays from 9 to
17
3)Classroom have blacklist of sites in file for what access is
denied
4)Managers only can visit white list sites in file, all other
blocked
5)Admin can visit any web at any time
6)In weekends (A S) access only by authentification



Iam new to squid so I have difficulty to do this, I was able to set
access by days and time for one range, but how to join this with
white black list and other ranges for manager and admin +
authentication o_o I dont get how this http_access deny access work,
in what order, can someone provide solution for my task?I will be
very grateful


You seem to live in germany, perhaps you should look at "linux-user" 2/
2013, p. 16 ... 20 ("Squid als Spiel- und Social-Network-Bremse").


I'd try the following "http_access" order (untested):

acl localnet src 10.77.88.1-10.77.88.47
acl admin 10.77.88.47
http_access deny !localnet
# all others get fired

acl admin 10.77.88.47
http_access allow admin
# they are privileged

acl blacklist src "/etc/squid/blacklist"
acl schueler 10.77.88.1-10.77.88.41
http_access allow !schueler
# managers have more rights
# you may define a special acl for managers; it's not necessary in this
# example

http_access allow schueler !blacklist
# pupils are restricted

http_access deny all
# all other cases

-------------------------

The time restrictions are not implemented; take a look at listing 1 in
the above mentioned article.

Viele Gruesse!
Helmut

Reply via email to