Re: [squid-users] Special access rights to a sub-group of users

From: Christoph Haas <[email protected]>
Date: Sun, 14 Mar 2004 19:28:15 +0100

On Sun, Mar 14, 2004 at 03:06:54PM -0300, fefi@ig.com.br wrote:
> I have the following configuration:
>
> acl rionet src 120.202.200.0/255.0.0.0
> acl morning time SMTWHFA 08:30-12:30
> acl afternoon time SMTWHFA 13:30-18:30
> acl denied_ext url_regex \.zip$
> acl denied_ext url_regex \.midi$ \.wav$
> acl denied_ext url_regex \.mpe?ga$ \.mp[23]$ \.m3u$ \.r[am]$ \.r[ap]m$
> acl denied_ext url_regex \.mp[eg]$ \.mpeg$ \.qt$ \.mov$ \.avi$
> acl denied_ext url_regex \.exe$ \.com$ \.bin$ \.scr$ \.dll$ \.EXE$ \.Exe$
> acl allowed_ext url_regex hotmail.com$ webmail.exe$ iname.com$
>
> http_access allow rionet allowed_ext
> http_access deny rionet denied_ext morning
> http_access deny rionet denied_ext afternoon
> http_access allow rionet
> http_access allow localhost
> http_access deny all
>
> How do I give total access to a sub-group of the IP range declared in
> rionet, i.e., IPs 120.202.200.20 and 120.202.200.25 have unrestricted
> access.

The order of the ACLs matters. Just add another ACL on top of the other
http_access definitions like this:

acl subgroup src 120.202.200.20
acl subgroup src 120.202.200.25
http_access allow subgroup

If the list is longer you could as well link to an external file like...

acl subgroup src "/etc/squid/subgroup.src"

...and list the IPs there.

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
Received on Sun Mar 14 2004 - 11:28:18 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST