One for the Squid users
Hi

Now I am hoping that the Squid users out there can help me. I (well my boss!) would like to be able to set up Squid in such a way that Sixthform users can have free access to the Internet but lower school can only have access to sites that we specify.

Here are my thoughts. I can dictate the IP address and port number that a user has to connect to Squid. So what I thought was have Squid on either 2 IP addresses or 2 ports (8080 & 8181). Then set ACL lists accordingly. This is where I come unstuck. I can't quite see how to block all outgoing requests on port 8181 except for requests that are contained in a list.

I hope someone understands the question for a start, let alone has an answer! I suggested to my boss that he buys another machine, it would be dead easy with 2! He didn't like that much...

TIA

Dave Turnbull
ICT Technician
The Purbeck School
www.purbeck.dorset.sch.uk
> Now I am hoping that the Squid users out there can help me. I (well my boss!) would like to be able to set up Squid in such a way that Sixthform users can have free access to the Internet but lower school can only have access to sites that we specify.
I have only recently worked this out after running Squid for two years. Our squid.conf contains lines like this:

    acl bad-sites dstdomain "/usr/local/etc/squid/bad-sites"
    acl webmail dstdomain "/usr/local/etc/squid/webmail-sites"
    acl bad-types urlpath_regex -i "/usr/local/etc/squid/bad-types"
    acl webmailtimes time "/usr/local/etc/squid/webmail-times"
    acl staffhosts srcdomain "/usr/local/etc/squid/staffhosts"

    http_access deny bad-sites
    http_access deny webmail !webmailtimes !staffhosts
    http_access deny bad-types

where the file webmailtimes contains

    05:00-08:00
    13:10-19:30

and the file staffhosts contains at one per line the names of permitted machines.

You need only a file containing blocked (or allowed) sites and another containing a list of blocked (or allowed) machines and then construct the appropriate http_deny line. Items on the line are ANDed together, and ! says NOT. So our staffhosts can access hotmail at any time, while other machines are limited to prescribed times.

The file bad-types contains at present, BTW,

    \.viv$
    \.mov$
    \.mp3$
    \.avi$
    \.mpg$
    \.ace$

--
Christopher Dawkins, Felsted School, Dunmow, Essex CM6 3JG
01371-820527 or 07798 636725
cchd@felsted.essex.sch.uk
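
The following squid.conf fragment is an added example, not part of either poster's message or configuration. It applies the AND/NOT rule from the reply to the two-port setup in the question. The ACL names, the allowed-sites path and the subnets are assumptions made for illustration.

```conf
# Added example; not taken from either poster's squid.conf.
# Assumed layout: sixth form browsers use port 8080, lower school uses 8181.
http_port 8080
http_port 8181

# Matches on the local port the client connected to.
# Squid 3.2 and later call this ACL type "localport"; older releases use "myport".
acl lowerschool-port localport 8181

# Hypothetical allow-list file, one domain per line.
# A leading dot (".example.org") also matches subdomains.
acl allowed-sites dstdomain "/usr/local/etc/squid/allowed-sites"

# Constructed subnets: lower-school machines and the whole school network.
acl lowerschool-hosts src 10.0.2.0/24
acl localnet src 10.0.0.0/16

# http_access lines are checked top to bottom and the first match decides.
# ACLs on one line are ANDed together; ! negates.

# Request arrived on 8181 AND destination is NOT on the allow-list: deny.
http_access deny lowerschool-port !allowed-sites

# The same restriction keyed on client address, so the policy does not
# depend on which proxy port a browser happens to be configured with.
http_access deny lowerschool-hosts !allowed-sites

# Everyone else on the school network gets general access;
# requests from anywhere else are refused.
http_access allow localnet
http_access deny all
```

Any existing deny rules, such as the bad-sites and bad-types lines in the reply, belong above the `http_access allow localnet` line so that they still apply to sixth form traffic.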