<br><br><div class="gmail_quote">On 18 June 2010 14:38, Kris Douglas <span dir="ltr">&lt;<a href="mailto:krisdouglas@gmail.com">krisdouglas@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hello, everyone, at work, I have just bought a Foxconn netbox to use<br>
as a squid proxy.<br>
<br>
The scenario is that everyone is looking at world cup stuff, and<br>
little is being done. Anyway, we want to be able to let certain<br>
websites be accessible, so I made a whitelist, saved it to<br>
/etc/squid/whitelist and I have set it to be allowed in the ACL menu.<br>
(I am using webmin to control the configuration), I then made a user<br>
"mviron", for the staff and a user madmin for the admins. I have set<br>
their passwords and such in the authentication files. I then added<br>
that authentication requirement to the squid config file. I allowed<br>
our IP ranges access to the internet (10.10.8.0/24) and set the web<br>
browser proxy address to the squid box (proxy1). When I tried to load<br>
a page, it said access denied and said it was set in the ACL. This is<br>
the same for any machine on the network, including the local Ubuntu<br>
10.04 squid machine.<br>
<br>
We basically want the users that login as mviron to only be able to<br>
access the whitelist, and users who login as madmin can access the<br>
whole of the internet.<br>
<br>
I'm going to put up a pastebin of the config file: <a href="http://pastebin.com/6Dc99Ty1" target="_blank">http://pastebin.com/6Dc99Ty1</a><br>
<br>
I would really appreciate if I could get some input on this, I would<br>
not be posting here if I wasn't completely stumped, I have read loads<br>
of guides and just can not get my head around it.<br>
<br></blockquote><div><br></div><div>My squid-fu is very rusty but to me it would be more logical if the http_access lines that define the options for the acl started with the deny_all line like this:</div><div><span class="Apple-style-span" style="font-family: monospace; font-size: 12px; color: rgb(24, 24, 24); line-height: 18px; "><br>
</span></div><div><span class="Apple-style-span" style="font-family: monospace; font-size: 12px; color: rgb(24, 24, 24); line-height: 18px; ">http_access deny all</span></div><div><span class="Apple-style-span" style="font-family: monospace; font-size: 12px; color: rgb(24, 24, 24); line-height: 18px; ">http_access allow ncsa_mviron_users whitelist</span></div>
<div><span class="Apple-style-span" style="font-family: monospace; font-size: 12px; color: rgb(24, 24, 24); line-height: 18px; ">http_access allow ncsa_madmin_users</span></div></div><br clear="all">So that you assert that you are denying access to all, then allowing a whitelist to mviron_users and then all to madmin_users.<div>
<br></div><div>s/</div><div><br>-- <br>Save BBC 6 Music <a href="http://www.love6music.com">http://www.love6music.com</a><br>My CV: <a href="http://bit.ly/sfgreenwood_cv">http://bit.ly/sfgreenwood_cv</a><br>Linkedin: <a href="http://www.linkedin.com/in/simonfgreenwood">http://www.linkedin.com/in/simonfgreenwood</a><br>
Twitter: @sfgreenwood<br>
</div>
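<div>How Squid walks an ordered list of http_access rules, modelled in Python as an added example that is not part of the original thread: it evaluates the three rules with "deny all" first and with "deny all" last. The ACL and user names come from the thread; the whitelist domains and the requests are constructed, and the model assumes the user has already authenticated.</div>

```python
# Added illustration, not from the thread: a model of Squid's http_access matching.
# ACL and user names come from the thread; the domains and requests are constructed.
WHITELIST = {"example.org", "intranet.example"}  # stand-in for /etc/squid/whitelist

ACLS = {  # assumption: the user has already authenticated, so `user` is known
    "all": lambda user, host: True,
    "whitelist": lambda user, host: host in WHITELIST,
    "ncsa_mviron_users": lambda user, host: user == "mviron",
    "ncsa_madmin_users": lambda user, host: user == "madmin",
}

REPLY_ORDER = """
http_access deny all
http_access allow ncsa_mviron_users whitelist
http_access allow ncsa_madmin_users
"""
DENY_LAST = """
http_access allow ncsa_mviron_users whitelist
http_access allow ncsa_madmin_users
http_access deny all
"""

def parse(conf):
    """Return [(action, [acl, ...])] for each http_access line, in file order."""
    rules = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if words[:1] != ["http_access"]:
            continue
        if len(words) < 3 or words[1] not in ("allow", "deny"):
            raise ValueError(f"malformed rule: {line!r}")
        rules.append((words[1], words[2:]))
    if not rules:
        raise ValueError("no http_access rules")
    return rules

def decide(conf, user, host):
    """The first rule whose ACLs all match decides; later rules are not consulted."""
    rules = parse(conf)
    for action, names in rules:
        if all(ACLS[n](user, host) for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for user, host in [("mviron", "example.org"), ("mviron", "worldcup.example"), ("madmin", "worldcup.example")]:
        print(user, host, decide(REPLY_ORDER, user, host), decide(DENY_LAST, user, host))
```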