* On 05/03/06 08:33 +0100, Henrik Nordstrom wrote:
> s�n 2006-03-05 klockan 07:58 +0300 skrev Odhiambo WASHINGTON:
> > Hello list,
> >
> > I have a quick one.
> >
> > I have a certain IP class that I'd like to restrict to something akin to
> > a "walled garden" - allowing them access to only 3 sites - site1, site2
> > and site3.
> >
> > I am not sure how to go about this, but I have a feeling this is in the
> > FAQ, only I cannot figure out which FAQ.
> >
> > So I am thinking that I need to:
> >
> > 1. Define the IP class in an acl
> > 2. Define the allowed sites in an acl
> > 3. Tie 1 and 2 together to allow the class access to the sites
> > 4. Deny this class access to all other sites.
>
> 100% on the point
>
> > Can someone point me in the right direction, even my example.
>
> Just translate the above 4 lines into acl and http_access directives..
> It translates literally into 4 lines with the exact same content just
> different language..
>
> Squid FAQ 10 Access Controls
> <url:http://www.squid-cache.org/Doc/FAQ/FAQ-10.html> is a good starting
> point. Especially the introduction. There is no exact example for what
> you want to do, but I think you will manage.
Allow me to fumble here so that I can be corrected ;)
1. Define the IP class
acl walled_class src 172.16.0.0/24
2. Define allowed sites - which I'll put in a file
#Allowed Sites
site1.com
site2.com
site3.com
and other allowed sites...
3. Now that I have my allowed site list ready, I use the following
ACL to restrict usage:
acl walled_class src 172.16.0.0/24
acl AllowedSites dstdomain "/usr/local/etc/squid/allowed-sites"
http_access allow walled_class AllowedSites
http_access deny walled_class !AllowedSites
Is this any closer to what I'd like to achieve?
Thanks for any insights/corrections.
-Wash
http://www.netmeister.org/news/learn2quote.html
DISCLAIMER: See http://www.wananchi.com/bms/terms.php
-- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington <wash@wananchi.com> Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ The qotc (quote of the con) was Liz's: "My brain is paged out to my liver"Received on Sun Mar 05 2006 - 01:08:03 MST
This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:03 MST