[squid-users] Re: ACL

From: Henrik Nordstrom <[email protected]>
Date: Fri, 30 May 2003 22:03:38 +0200

On Friday 30 May 2003 18.05, Mike wrote:
> I have a question about your response in unix.squid-users.
>
> You say to use:
> >acl work_hours time 08:00-13:00
> >acl work_hours time 14:00-15:30
>
> I do that and I get this when I try to restart the service
>
> 2003/05/30 11:03:10| aclParseAclLine: ACL 'other_network' already
> exists with different type, skipping.
> 2003/05/30 11:03:10| aclParseAclLine: ACL 'other_network' already
> exists with different type, skipping.

This is not exacly what I described above.. you are trying to mix
different kind of data in the same acl name which won't work.

> Here is what I have in my config:
>
> acl admin_network src 10.10.10.0/255.255.255.240
> acl other_network src 10.10.10.29/255.255.255.128
> acl other_network time MTWTF 13:00-14:00
> acl other_network time MTWTF 17:30-23:00
> http_access allow admin_network
> http_access deny other_network
>
> My qyestion is how dow I define the 'other_network' time with out
> getting "already exists"?

By defining the time as another acl.

Based on your prior discussion I think the following is what you want:

# Allow admin to surf at all times
acl admin_network src 10.10.10.0/255.255.255.240
http_access allow admin_network

# Others are only allowed to surf outside office hours
acl other_network src 10.10.10.29/255.255.255.128
acl office_hours time MTWTF 13:00-14:00
acl office_hours time MTWTF 17:30-23:00
http_access allow other_network !office_hours

# Deny all other uses of the proxy
http_access deny all

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [email protected]
Received on Fri May 30 2003 - 14:44:29 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:07 MST