November 25, 2024, 08:54:31 PM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Proxy restriction  (Read 6354 times)

Offline sachin

  • New Member
  • Posts: 3
Proxy restriction
« on: September 29, 2006, 01:41:00 PM »
Hi, Friends

I am using squid proxy 2.5.STABLE 6.3. We have 20-25 users using internet for various sites including porn sites. Now our management has deside to block all sites except few official sites.
I have configured the said proxy with using ncsa_auth. I have made 3 acl namely Admin, general and accounts, but i am unable to give following rights to each one. In Admin user abc and xyz will have rightst to access every sites, In general Pqr and ghi will allow to access yahoo, hotmail and rediff and In accounts 1,2,3 and 4 will allow bank sites only else they will be denied
Please guide me solve my obove problem

regards,
Sachin

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Proxy restriction
« Reply #1 on: September 30, 2006, 10:03:45 AM »
I have not really used ncsa to give user based persmission but by looking here and there I found that in squid you can give user seperate persmission ie. group of users.

So its like that you create acls
Code: [Select]

#This line force all user for authentication
acl admin proxy_auth REQUIRED

#This line is for general user who are allowed only mail websites
acl general proxy_auth user_pqr user_ghi

#Banking users
acl accounts proxy_auth user_1 user_2 user_3 user_4

#Here describing allowed mail sites
acl mail_sites_allowed dstdomain *.hotmail.com *mail.yahoo.com *.othermail_sites.com

#Here mentioning banking sites
acl banking_sites dstdomain *.banka.com *.bankB.com *.bankS.com

#Here all other sources of people which always deny so that not just anyone can access our proxy.
acl all src 0/0

#Now allowing access to everything to all users other than specified for banking and mail sites
http_access allow admin

#Giving access to general user when sites they are opeing are mail sites
http_access allow general mail_sites_allowed

#Similarly giving access to banking users when they open banking sits.
http_access allow accounts banking_sites

#Denying everything else.
http_access deny all


Here u can add username on and those are allowed for specific task and those whose username is not mentioned are allowed to open any site so they are admin.
I want to mention one thing more that its not tested and you may have to tweak a little ie hit and trial to get it working fully though I feel its fine.
So add user in nsca and mention their names explicitly in acls to define their access.

Offline sachin

  • New Member
  • Posts: 3
Thanks
« Reply #2 on: September 30, 2006, 11:58:48 AM »
Thank You for your instant reply Mr. Ricky. I will try your given acl.

regards,
Sachin