RE: [squid-users] Need help with a unique squidGuard setup

From: Nick Duda <[email protected]>
Date: Wed, 11 Oct 2006 16:47:14 -0400

No go. The first part has to be a source, and webmail is not a source,
it's a destination.

I tried the following with still no go. Without adding ! Statements on
each ACL pass rule then allows full access....what I need is like below,
but for it to start with the first ACL "CanUseWebmail" and if part of
that source group, apply that ACL, then move on to the next. The final
step resulting in the default rule which blocks all the bad stuff and if
nothing gets tagged as bad, does the "all" function. I hope I am
explaining this correctly...i'm in a tight jamn here.

acl {

    CanUseWebmail {
        pass mail webmail
        redirect
http://localhost/errors/aclerror.php?clientaddr=%a&clientname=%n&clientu
ser=%i&clientgroup=%s&url=%u&targetgroup=%t
    }

    CanUseInstantMessaging {
        pass instantmessaging
        redirect
http://localhost/errors/aclerror.php?clientaddr=%a&clientname=%n&clientu
ser=%i&clientgroup=%s&url=%u&targetgroup=%t
    }

    default {
        pass !ads !adult !aggressive !antispyware !artnudes !banking
!beerliquorinfo !beerliquorsale !cellphones !chat !childcare !clothing
!culinary !customblocked !dating !dialers !drugs !ecommerce
!frencheducation !gambling !government !hacking !homerepair
!instantmessaging !jewelry !jobsearch !kidstimewasting !mail !naturism
!onlineauctions !onlinegames !onlinepayment !personalfinance !phishing
!porn !proxy !radio !religion !ringtones !sexuality !spyware !vacation
!violence !virusinfected !warez !weapons !webmail all
}

- Nick

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Wednesday, October 11, 2006 4:14 PM
To: Nick Duda
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Need help with a unique squidGuard setup

ons 2006-10-11 klockan 15:57 -0400 skrev Nick Duda:

> acl {
> CanUseWebmail {
> pass mail webmail !instantmessaging all
> redirect
> http://localhost/errors/aclerror.php?clientaddr=%a&clientname=%n&clien
> tu ser=%i&clientgroup=%s&url=%u&targetgroup=%t
> }

I think you need to switch the logics around here..

        webmail {
                pass CanUseWebmail
                redirect ...
        }

and similarly for the other destination groups. This changes the
configuration from restricting what sites each group of users may access
to restricting which users may access each group of sites, making it
easier to build permissive rules where the allowed access is the sum of
all rights.

Regards
Henrik

---------------------
Confidentiality note
The information in this email and any attachment may contain confidential and proprietary information of VistaPrint and/or its affiliates and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any review, reliance or distribution by others or forwarding without express permission is strictly prohibited and may cause liability. In case you have received this message due to an error in transmission, please notify the sender immediately and delete this email and any attachment from your system.
---------------------
Received on Wed Oct 11 2006 - 14:47:13 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST