From: Odhiambo WASHINGTON <[email protected]>
Date: Sun, 5 Mar 2006 11:07:44 +0300

* On 05/03/06 08:33 +0100, Henrik Nordstrom wrote:
> s�n 2006-03-05 klockan 07:58 +0300 skrev Odhiambo WASHINGTON:
> > Hello list,
> >
> > I have a quick one.
> >
> > I have a certain IP class that I'd like to restrict to something akin to
> > a "walled garden" - allowing them access to only 3 sites - site1, site2
> > and site3.
> >
> > I am not sure how to go about this, but I have a feeling this is in the
> > FAQ, only I cannot figure out which FAQ.
> >
> > So I am thinking that I need to:
> >
> > 1. Define the IP class in an acl
> > 2. Define the allowed sites in an acl
> > 3. Tie 1 and 2 together to allow the class access to the sites
> > 4. Deny this class access to all other sites.
> 100% on the point
> > Can someone point me in the right direction, even my example.
> Just translate the above 4 lines into acl and http_access directives..
> It translates literally into 4 lines with the exact same content just
> different language..
> Squid FAQ 10 Access Controls
> <url:> is a good starting
> point. Especially the introduction. There is no exact example for what
> you want to do, but I think you will manage.

Allow me to fumble here so that I can be corrected ;)

1. Define the IP class

   acl walled_class src

2. Define allowed sites - which I'll put in a file

#Allowed Sites
and other allowed sites...

3. Now that I have my allowed site list ready, I use the following
   ACL to restrict usage:

acl walled_class src
acl AllowedSites dstdomain "/usr/local/etc/squid/allowed-sites"
http_access allow walled_class AllowedSites
http_access deny walled_class !AllowedSites

Is this any closer to what I'd like to achieve?

Thanks for any insights/corrections.



