Re: [squid-users] Restricting Access to certain sites only

From: Odhiambo WASHINGTON <[email protected]>
Date: Sun, 5 Mar 2006 11:07:44 +0300

* On 05/03/06 08:33 +0100, Henrik Nordstrom wrote:
> Sun 2006-03-05 at 07:58 +0300, Odhiambo WASHINGTON wrote:
> > Hello list,
> >
> > I have a quick one.
> >
> > I have a certain IP class that I'd like to restrict to something akin to
> > a "walled garden" - allowing them access to only 3 sites - site1, site2
> > and site3.
> >
> > I am not sure how to go about this, but I have a feeling this is in the
> > FAQ, only I cannot figure out which FAQ.
> >
> > So I am thinking that I need to:
> >
> > 1. Define the IP class in an acl
> > 2. Define the allowed sites in an acl
> > 3. Tie 1 and 2 together to allow the class access to the sites
> > 4. Deny this class access to all other sites.
>
> 100% on the point
>
> > Can someone point me in the right direction, even by example.
>
> Just translate the above 4 lines into acl and http_access directives..
> It translates literally into 4 lines with the exact same content just
> different language..
>
> Squid FAQ 10 Access Controls
> <url:http://www.squid-cache.org/Doc/FAQ/FAQ-10.html> is a good starting
> point. Especially the introduction. There is no exact example for what
> you want to do, but I think you will manage.

Allow me to fumble here so that I can be corrected ;)

1. Define the IP class

   acl walled_class src 172.16.0.0/24

2. Define allowed sites - which I'll put in a file

#Allowed Sites
site1.com
site2.com
site3.com
and other allowed sites...

3. Now that I have my allowed site list ready, I use the following
   ACL to restrict usage:

acl walled_class src 172.16.0.0/24
acl AllowedSites dstdomain "/usr/local/etc/squid/allowed-sites"
http_access allow walled_class AllowedSites
http_access deny walled_class !AllowedSites

Is this any closer to what I'd like to achieve?

Thanks for any insights/corrections.

-Wash

Received on Sun Mar 05 2006 - 01:08:03 MST
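
Added example (not part of the original message and not Squid's own code): a small Python model of how Squid evaluates the http_access lines posted above, assuming they are the only http_access rules in squid.conf. It shows first-match ordering, the dstdomain leading-dot rule, and the default applied when no rule matches; the client addresses and example.org are constructed test values.

```python
import ipaddress

def dstdomain_match(host, entries):
    """'site1.com' matches only that host; '.site1.com' also matches subdomains."""
    host = host.lower().rstrip(".")
    for entry in (e.lower() for e in entries):
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def make_acls(allowed_sites, walled_net="172.16.0.0/24"):
    """ACL names follow the post; 'all' is Squid's built-in match-everything ACL."""
    net = ipaddress.ip_network(walled_net)
    return {
        "walled_class": lambda src, host: ipaddress.ip_address(src) in net,
        "AllowedSites": lambda src, host: dstdomain_match(host, allowed_sites),
        "all": lambda src, host: True,
    }

def http_access(rules, acls, src, host):
    """The first rule whose ACLs all match decides. If no rule matches,
    Squid applies the opposite of the last rule's action."""
    for action, names in rules:
        if all(acls[n.lstrip("!")](src, host) != n.startswith("!") for n in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

# The two http_access lines from the post.
POSTED_RULES = [
    ("allow", ["walled_class", "AllowedSites"]),
    ("deny", ["walled_class", "!AllowedSites"]),
]
# Same rules followed by an explicit catch-all, so nothing falls to the default.
WITH_DENY_ALL = POSTED_RULES + [("deny", ["all"])]

if __name__ == "__main__":
    exact = make_acls(["site1.com", "site2.com", "site3.com"])
    dotted = make_acls([".site1.com", ".site2.com", ".site3.com"])
    cases = [("172.16.0.10", "site1.com"), ("172.16.0.10", "www.site1.com"),
             ("172.16.0.10", "example.org"), ("10.0.0.5", "example.org")]
    for src, host in cases:
        print(src, host,
              "exact:", http_access(POSTED_RULES, exact, src, host),
              "dotted:", http_access(POSTED_RULES, dotted, src, host),
              "with deny all:", http_access(WITH_DENY_ALL, exact, src, host))
```

In a real squid.conf these lines sit among other http_access rules, so where they are placed relative to broader allow rules decides whether the walled class is actually confined.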
