Topic: squid acl's

[byte]

Guys,

On a old 6.0 box I did my own custom template which used these files...

20ACL00all
40http_access75AllowLocal
40http_access99denyall

In 20ACL00all I had...

acl all src 0.0.0.0/0.0.0.0
acl user1 src 192.168.1.67/32
acl AllDomain dst 0.0.0.0/0.0.0.0
acl AllowedDomain dstdomain www.yahoo.co.uk


In 40http_access75AllowLocal I had...

http_access allow user1 AllowedDomain
http_access deny user1 AllDomain
http_access allow localsrc

And in 40http_access99denyall I had...

http_access deny all

Now once I expanded and restarted service nothing works (doesn't block any webpages) as before in earlier versions.

The only thing I notice is there is a "new" 20ACL10localhost which has the following....

{
    use esmith::NetworksDB;

    my $ndb = esmith::NetworksDB->open_ro();

    $localAccess = $ndb->local_access_spec();

    $OUT .= "acl localsrc src $localAccess\n";
    $OUT .= "acl localdst dst $localAccess";
}

I wonder what I would need to do to get it working with what I need does anyone have any tips?

I know mastersleepy has done a contrib to allow ips but I would like to create a custom template as in the past to restrict some ips.

[Tib]

byte

Do you want to only restrict certain IP's from internet access?

I have rehashed an old SME6 squidpropeties contrib (Tech-Geeks.Org) that restricts http access to IP's you put in the selection as well as flush the cache and bypass cache for certain local domains.

The IP banning is back the front to mastersleepy's contrib ... his bans all ip's and you have to select the ones to unban (great concept in some networks).

The one I modified allows all IP's and you have to select the ones you want to ban.

If this is what you are after let me know your e-mail address and I'll mail it to you ... I have modified this only for my personal use as I dont know what to do to release a modified contrib belonging to someone else.

I have mailed the author but no reply.

Regards,

Tib

[byte]

byte

Do you want to only restrict certain IP's from internet access?

Hi Tib,

Yes that's exactly what I'm trying to do, if you could send to removed

Many thanks in advance

[Teviot]

I would like that too.  Is there a url that we can get it from

Regards
Adrian

[Tib]

Hello All

I have setup a temp link to the files ...

http://www.cooltemp.com.au/smefiles/smeserver-squidproperties-1.0.0-01.noarch.rpm

Here is the src file as well ...

http://www.cooltemp.com.au/smefiles/smeserver-squidproperties-1.0.0-01.src.rpm

Like I have stated many times ... I'm new at this so please test.

It is working on our production server no probs but I would still be more comfortable if someone with more experiance would double check these files out.

I modified the origional Tech-Geeks.Org tar (squidProperties-0.3.tar) and created the rpm files ... below is the modified tar file.

http://www.cooltemp.com.au/smefiles/smeserver-squidproperties-0.4.tar

Regards,

Tib

[byte]

Moving this topic to the SME Server 7.x Contribs forum, it is more appropriate there. Thanks! again Tib