[ubuntu-uk] OT, but having some problems with Squid

Ron Wellsted ron at wellsted.org.uk
Fri Jun 18 15:44:07 BST 2010


On 18/06/10 15:22, Kris Douglas wrote:
> On 18 June 2010 15:10, Simon Greenwood <sfgreenwood at gmail.com> wrote:
>>
>>
>> On 18 June 2010 14:38, Kris Douglas <krisdouglas at gmail.com> wrote:
>>>
>>> Hello, everyone, at work, I have just bought a foxconn netbox to use
>>> as a squid proxy.
>>>
>>> The scenario is that everyone is looking at world cup stuff, and
>>> little is being done. Anyway, we want to be able to let certain
>>> websites be accessible, so I made a whitelist, saved it to
>>> /etc/squid/whitelist and I have set it to be allowed in the ACL menu.
>>> (I am using webmin to control the configuration), I then made a user
>>> "mviron", for the staff and a user madmin for the admins. I have set
>>> their passwords and such in the authentication files. I then added
>>> that authentication requirement to the squid config file. I allowed
>>> our IP ranges access to the internet (10.10.8.0/24) and set the web
>>> browser proxy address to the squid box (proxy1). When I tried to load
>>> a page, it said access denied and said it was set in the ACL. This is
>>> the same for any machine on the network, including the local ubuntu
>>> 10.04 squid machine.
>>>
>>> We basically want the users that login as mviron to only be able to
>>> access the whitelist, and users who login as madmin can access the
>>> whole of the internet.
>>>
>>> I'm going to put up a pastebin of the config file:
>>> http://pastebin.com/6Dc99Ty1
>>>
>>> I would really appreciate if I could get some input on this, I would
>>> not be posting here if I wasn't completely stumped, I have read loads
>>> of guides and just can not get my head around it.
>>>
>>
>> My squid-fu is very rusty but to me it would be more logical if the
>> http_access lines that define the options for the acl started with the
>> deny_all line like this:
>> http_access deny all
>> http_access allow ncsa_mviron_users whitelist
>> http_access allow ncsa_madmin_users
>> So that you assert that you are denying access to all, then allowing a
>> whitelist to mviron_users and then all to madmin_users.
>> s/
>> --
>> Save BBC 6 Music http://www.love6music.com
>> My CV: http://bit.ly/sfgreenwood_cv
>> Linkedin: http://www.linkedin.com/in/simonfgreenwood
>> Twitter: @sfgreenwood
>>
> 
> Haha, it's not just that it's the world cup, the internet is being
> hammered, and we need to maintain a suitable call quality, we are
> getting the line updated, but the proxy cache should improve it when
> pages aren't filtered.
> 
Rather than doing this in Squid, install SquidGuard and/or Dansguardian.
These are designed as filters and are much better at applying
restrictions than Squid itself.

-- 
Ron Wellsted
ron at wellsted.org.uk http://www.wellsted.org.uk
N 52.567623, W 2.136111 Linux Counter No. 202120
Ekiga: 645022
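
Squid reads http_access lines top to bottom and stops at the first line whose ACLs all match, so where "deny all" sits decides the outcome. The sketch below is an added example, not part of the thread or of Squid: it models that rule for the ACL names used in the messages above, and the whitelist entries, request hosts and function names are constructed for illustration.

```python
# Model of Squid's http_access evaluation: rules are read top to bottom and
# the first line whose ACLs ALL match decides; later lines are never reached.
# Simplification: a real proxy_auth ACL would also trigger a 407 challenge.

WHITELIST = {"bbc.co.uk", "ubuntu.com"}  # constructed stand-in for /etc/squid/whitelist

def in_whitelist(host):
    # Simplified domain match: the listed domain or any subdomain of it.
    return any(host == d or host.endswith("." + d) for d in WHITELIST)

ACLS = {  # ACL names as used in the thread; their definitions here are assumed
    "all": lambda req: True,
    "ncsa_mviron_users": lambda req: req["user"] == "mviron",
    "ncsa_madmin_users": lambda req: req["user"] == "madmin",
    "whitelist": lambda req: in_whitelist(req["host"]),
}

DENY_FIRST = """
http_access deny all
http_access allow ncsa_mviron_users whitelist
http_access allow ncsa_madmin_users
"""
DENY_LAST = """
http_access allow ncsa_mviron_users whitelist
http_access allow ncsa_madmin_users
http_access deny all
"""

def parse_rules(text):
    # Returns [(action, [acl, ...]), ...] in file order.
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return rules

def decide(text, user, host):
    # Returns (action, number of the deciding rule or None).
    req, rules = {"user": user, "host": host}, parse_rules(text)
    for number, (action, names) in enumerate(rules, 1):
        # A leading "!" negates an ACL, as in squid.conf.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, number
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

if __name__ == "__main__":
    for user, host in [("mviron", "www.bbc.co.uk"), ("mviron", "worldcup.example"),
                       ("madmin", "worldcup.example"), (None, "www.bbc.co.uk")]:
        print(user, host, decide(DENY_FIRST, user, host), decide(DENY_LAST, user, host))
```

Each printed row shows the decision and the number of the deciding rule for both orderings, which is the quickest way to see which line a given user and host actually hit.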



