It appears from further research that a client request is first matched
to a source, top down, then compared to acl for access.
That being the case, defining noaccess first should correct the problem:
src noaccess {
    iplist local/abusers
}
src msg_proxy_user {
    iplist local/iplist
}
I apologize for the false start. Please let me know if this is
successful.
Rick
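
The top-down source matching described in the message above, modeled as an added example (not code from this thread or from squidGuard itself). It assumes first-match-wins source selection as the message states, handles only single addresses and CIDR entries, and uses constructed sample addresses in place of local/iplist and local/abusers.

```python
import ipaddress

def _nets(entries):
    # Single addresses become /32 networks; CIDR entries are parsed as given.
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def first_matching_source(client_ip, sources):
    """Walk the src blocks in definition order; the first one whose
    iplist contains the client wins. No match falls through to 'default'."""
    ip = ipaddress.ip_address(client_ip)
    for name, entries in sources:
        if any(ip in net for net in _nets(entries)):
            return name
    return "default"

def decide(client_ip, sources, acl):
    """Return (matched source, pass rule applied to it)."""
    src = first_matching_source(client_ip, sources)
    return src, acl.get(src, acl["default"])

def shadowed_sources(sources):
    """Lint check: names of src blocks that can never match because
    every one of their entries lies inside an earlier block's ranges."""
    shadowed, earlier = [], []
    for name, entries in sources:
        nets = _nets(entries)
        if nets and all(any(n.version == e.version and n.subnet_of(e)
                            for e in earlier) for n in nets):
            shadowed.append(name)
        earlier.extend(nets)
    return shadowed

# Constructed sample data standing in for local/iplist and local/abusers.
IPLIST = ["172.16.0.0/16"]                  # the allowed class B range
ABUSERS = ["172.16.5.23", "172.16.9.0/28"]  # addresses inside that range
ACL = {"noaccess": "pass none",
       "msg_proxy_user": "pass good !porn all",
       "default": "pass none"}

BROAD_FIRST = [("msg_proxy_user", IPLIST), ("noaccess", ABUSERS)]
NOACCESS_FIRST = [("noaccess", ABUSERS), ("msg_proxy_user", IPLIST)]

if __name__ == "__main__":
    for label, order in (("broad first", BROAD_FIRST),
                         ("noaccess first", NOACCESS_FIRST)):
        print(label, decide("172.16.5.23", order, ACL),
              "shadowed:", shadowed_sources(order))
```

Running shadowed_sources over the src order of a config before deploying it flags a deny source that an earlier, broader source makes unreachable.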
-----Original Message-----
From: Hans-Dieter Kutz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 22, 2001 6:10 AM
To: Rick Matthews
Cc: Squidguard Mailing List
Subject: Re: Exclude Config
Hello Rick,
thank you for your suggestion, but that did not do the job.
Your example was my first try. In local/iplist are not only IP addresses
but rather IP address ranges which include IP addresses in local/iplist.
My thought is that squid comes to the noaccess line, blocks it, and then
comes to msg_proxy_user with pass good. In good (local/iplist) are IP
addresses from local/abusers. So the access is granted.
Maybe you got another idea?
Greets,
ku
On Wed, Nov 21, 2001 at 10:59:59AM -0600, Rick Matthews wrote:
> Try this:
>
> <snip>
> logdir /usr/local/squidGuard/log
> dbhome /usr/local/squidGuard/db
>
> src msg_proxy_user {
>     iplist local/iplist
> }
>
> src noaccess {                 <- Add
>     iplist local/abusers       <- Add
> }                              <- Add
>
> dest porn {
>     domainlist porn/domains
>     urllist porn/urls
>     expressionlist porn/expressions
> }
>
> dest good {
>     domainlist good/domains
>     urllist good/urls
>     expressionlist good/expressions
> }
>
> acl {
>     noaccess {                 <- Add
>         pass none              <- Add
>     }                          <- Add
>
>     msg_proxy_user {
>         pass good !porn all
>     }
>     default {
>         pass none
>         redirect http://msgproxy.intern.media-support.de/cgi-bin/blocked?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u
>         log /usr/local/squidGuard/log/deny.log
>     }
> }
> <snip>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Hans-Dieter Kutz
> Sent: Wednesday, November 21, 2001 4:53 AM
> To: [EMAIL PROTECTED]
> Subject: Exclude Config
>
>
> Hello Gurus,
> I'd like to lock out some users from my squid. Allowed is a complete
> B-Class, because I didn't want to edit the allowed users every day.
> So how do I exclude "black sheep" from my config?
> <snip>
> more squidGuard.conf
> logdir /usr/local/squidGuard/log
> dbhome /usr/local/squidGuard/db
>
> src msg_proxy_user {
>     iplist local/iplist
> }
>
> dest porn {
>     domainlist porn/domains
>     urllist porn/urls
>     expressionlist porn/expressions
> }
>
> dest good {
>     domainlist good/domains
>     urllist good/urls
>     expressionlist good/expressions
> }
>
>
> acl {
>     msg_proxy_user {
>         pass good !porn all
>     }
>     default {
>         pass none
>         redirect http://msgproxy.intern.media-support.de/cgi-bin/blocked?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u
>         log /usr/local/squidGuard/log/deny.log
>     }
> }
> <snip>
> My first thought was to define a new source "msg_bad_user", where I
> define the "bad guys" (IP address).
> But how do I bind this into my configuration?
>
> Greets,
> ku
> --
> hans-dieter kutz          Media-Support Group GmbH      "AIX to Oracle-Admins:
> Bonner Strasse 172 - 176  D-50968 Koeln                 "We all know, ORACLE
> phone +49 221 3091-565    fax +49 221 3091-569          "chews memory like a cow
> [EMAIL PROTECTED]         Germany http://www.hdkutz.de  "does her cud :-)))