On 18 June 2010 15:44, Ron Wellsted <r...@wellsted.org.uk> wrote:
> On 18/06/10 15:22, Kris Douglas wrote:
>> On 18 June 2010 15:10, Simon Greenwood <sfgreenw...@gmail.com> wrote:
>>>
>>> On 18 June 2010 14:38, Kris Douglas <krisdoug...@gmail.com> wrote:
>>>>
>>>> Hello, everyone, at work, I have just bought a foxconn netbox to use
>>>> as a squid proxy.
>>>>
>>>> The scenario is that everyone is looking at world cup stuff, and
>>>> little is being done. Anyway, we want to be able to let certain
>>>> websites be accessible, so I made a whitelist, saved it to
>>>> /etc/squid/whitelist and I have set it to be allowed in the ACL menu.
>>>> (I am using webmin to control the configuration), I then made a user
>>>> "mviron", for the staff and a user madmin for the admins. I have set
>>>> their passwords and such in the authentication files. I then added
>>>> that authentication requirement to the squid config file. I allowed
>>>> our IP ranges access to the internet (10.10.8.0/24) and set the web
>>>> browser proxy address to the squid box (proxy1). When I tried to load
>>>> a page, it said access denied and said it was set in the ACL. This is
>>>> the same for any machine on the network, including the local ubuntu
>>>> 10.04 squid machine.
>>>>
>>>> We basically want the users that login as mviron to only be able to
>>>> access the whitelist, and users who login as madmin can access the
>>>> whole of the internet.
>>>>
>>>> I'm going to put up a pastebin of the config file:
>>>> http://pastebin.com/6Dc99Ty1
>>>>
>>>> I would really appreciate if I could get some input on this, I would
>>>> not be posting here if I wasn't completely stumped, I have read loads
>>>> of guides and just can not get my head around it.
>>>>
>>>
>>> My squid-fu is very rusty but to me it would be more logical if the
>>> http_access lines that define the options for the acl started with the
>>> deny_all line like this:
>>> http_access deny all
>>> http_access allow ncsa_mviron_users whitelist
>>> http_access allow ncsa_madmin_users
>>> So that you assert that you are denying access to all, then allowing a
>>> whitelist to mviron_users and then all to madmin_users.
>>> s/
>>> --
>>> Save BBC 6 Music http://www.love6music.com
>>> My CV: http://bit.ly/sfgreenwood_cv
>>> Linkedin: http://www.linkedin.com/in/simonfgreenwood
>>> Twitter: @sfgreenwood
>>>
>>> --
>>> ubuntu-uk@lists.ubuntu.com
>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
>>> https://wiki.ubuntu.com/UKTeam/
>>>
>>
>> Haha, it's not just that it's the world cup, the internet is being
>> hammered, and we need to maintain a suitable call quality, we are
>> getting the line updated, but the proxy cache should improve it when
>> pages aren't filtered.
>>
> Rather than doing this in Squid, install SquidGuard and/or Dansguardian.
> These are designed as filters and are much better at applying
> restrictions than Squid itself.
>
> --
> Ron Wellsted
> r...@wellsted.org.uk http://www.wellsted.org.uk
> N 52.567623, W 2.136111 Linux Counter No. 202120
> Ekiga: 645022
>
Aha, thank you Ron, it's all working like a charm now :)

--
Kris Douglas, NODE Computer Systems
Servers - PCs - Design - Administration
T. 01200438449 M. 07728574285

Please consider the environment before you print this E-Mail.
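
Added example, not part of the thread: Squid checks http_access lines top to bottom and stops at the first line whose ACLs all match, so where "deny all" sits decides whether the mviron/madmin split can work. The Python model below parses the three http_access lines quoted above in two orderings; the whitelist entries, the sample requests and the simplified ACL matchers (authentication is assumed to have already happened) are constructed for illustration.

```python
# Added example: a small model of how Squid evaluates http_access lines.
# ACL names are from the thread; whitelist entries and requests are constructed.
WHITELIST = {"example.org", "intranet.example"}  # stand-in for /etc/squid/whitelist

ACLS = {  # simplified matchers; the real ACL definitions are not shown in the thread
    "all": lambda req: True,
    "ncsa_mviron_users": lambda req: req["user"] == "mviron",
    "ncsa_madmin_users": lambda req: req["user"] == "madmin",
    "whitelist": lambda req: req["host"] in WHITELIST,
}

DENY_FIRST = """
http_access deny all
http_access allow ncsa_mviron_users whitelist
http_access allow ncsa_madmin_users
"""

DENY_LAST = """
http_access allow ncsa_madmin_users
http_access allow ncsa_mviron_users whitelist
http_access deny all
"""

def parse_http_access(conf):
    """Return [(action, [acl, ...])] for each http_access line, in file order."""
    rules = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "http_access" and fields[1] in ("allow", "deny"):
            rules.append((fields[1], fields[2:]))
    return rules

def decide(conf, user, host):
    """ACLs on one line are ANDed; the first line whose ACLs all match decides."""
    req = {"user": user, "host": host}
    rules = parse_http_access(conf)
    for action, acls in rules:
        if all(ACLS[a.lstrip("!")](req) != a.startswith("!") for a in acls):
            return action
    # No line matched: Squid applies the opposite of the last line's action
    # (an empty rule list is treated as deny in this model).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for name, conf in (("deny all first", DENY_FIRST), ("deny all last", DENY_LAST)):
        for user, host in (("madmin", "news.example"), ("mviron", "example.org"),
                           ("mviron", "news.example")):
            print(f"{name:15} {user:7} {host:13} -> {decide(conf, user, host)}")
```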