ACL By IP not working


ACL By IP not working

Yuan Yudistira
Hi

I have the following ACL on squidGuard.conf


# Destination lists
# Addresses are relative to the db directory
dest porn
{
        domainlist      blacklists/porn/domains
        urllist         blacklists/porn/urls
}

dest music
{
        domainlist      blacklists/music/domains
        urllist         blacklists/music/urls
}

dest movies
{
        domainlist      blacklists/movies/domains
        urllist         blacklists/movies/urls
}

dest spyware
{
        domainlist      blacklists/spyware/domains
        urllist         blacklists/spyware/urls
}

dest warez
{
        domainlist      blacklists/warez/domains
        urllist         blacklists/warez/urls
}

dest redirector
{
        domainlist      blacklists/redirector/domains
        urllist         blacklists/redirector/urls
}

dest adv
{
        domainlist      blacklists/adv/domains
        urllist         blacklists/adv/urls
}

dest drugs
{
        domainlist      blacklists/drugs/domains
        urllist         blacklists/drugs/urls
}

src ipWartawanHiburan {
 ip 172.20.21.102 172.20.21.76
}

src IT {
 ip 172.20.21.186
}

# Access Control
acl
{
        # During Business hours
        # Stop the embarrassing stuff and speed up the connecti

        ipWartawanHiburan {
             pass movies !porn music !spyware !warez !redirector !adv !drugs any
         }

         IT {
              pass movies porn!music spyware warez redirector !adv !drugs any
         }
         
        default {
             pass !porn  !music !movies !spyware !warez !redirector
!adv !drugs all
             redirect http://172.20.21.231/blokir/
        }
}

I want to set access for a certain IP:
ipWartawanHiburan can access movies.

The above ACL is not working.
Please help


Thanks

YUAN

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Limitless undying love
which shines around me like a million suns
It calls me on and on across the universe...."
Across The Universe   - The Beatles -
--------------------------------------------
Visit :
http://www.sabukhitam.com/
======================

RE: ACL By IP not working

Mark Barlow
Not an expert in squidguard but I'll have a stab.

Not sure if it matters, but all the examples I've seen have the first curly
bracket on the dest line, could be the e-mail adding a carriage return.

In the acl for the ipWartawanHiburan I don't think that you can have 2
separate IP addresses on 1 line.  You can select a range i.e.
192.168.0.1-192.168.0.10 with a hyphen or a network with an IP address and
netmask.  If you are selecting 2 non sequential IP addresses, put them on
separate lines, i.e.
src ipWartawanHiburan {
        ip      172.20.21.102
        ip      172.20.21.76
}

The only other thing I can see assuming you have cut and paste from your conf
file is that you are missing a space on the acl line for IT at porn!music
Regards
 
Mark Barlow

-----Original Message-----
From: Yuan Yudistira [mailto:[hidden email]]
Sent: 18 May 2007 16:45
To: [hidden email]
Subject: [squid-users] ACL By IP not working


RE: ACL By IP not working

Mark Barlow
OK another go.

Firstly, you do not need to explicitly allow certain lists; if you have an
all statement, it will pass anything that you have not restricted.
Secondly, on closer inspection, I notice that you have used "any" at the end
of your 2 ACLs; it should be "all".

Regards
 
Mark Barlow
 

-----Original Message-----
From: Yuan Yudistira [mailto:[hidden email]]
Sent: 21 May 2007 11:11
To: Mark Barlow
Subject: Re: [squid-users] ACL By IP not working

Thank you for your reply.
I have fixed it according to your suggestion,
but there is no luck.

The PCs with the IT and ipWartawanHiburan IP addresses still cannot access
movies sites.

Blocked by default rule?

Any idea?

Thanks in advance


YUAN


On 5/21/07, Mark Barlow <[hidden email]> wrote:
> Not an expert in squidguard but I'll have a stab.
>
> Not sure if it matters, but all the examples I've seen have the first curly
> bracket on the dest line, could be the e-mail adding a carriage return.
>
> In the acl for the ipWartawanHiburan I don't think that you can have 2
> separate IP addresses on 1 line.  You can select a range i.e.
> 192.168.0.1-192.168.0.10 with a hyphen or a network with an IP address and
> netmask.  If you are selecting 2 non sequential IP addresses, put them on
> separate lines, i.e.
> src ipWartawanHiburan {
>         ip      172.20.21.102
>         ip      172.20.21.76
> }
>
> The only other thing I can see assuming you have cut and paste from your conf
> file is that you are missing a space on the acl line for IT at porn!music
>
> Regards
>
> Mark Barlow
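
Added example, not part of the original thread and not squidGuard code: a small Python model of how a request would be decided by the ACL above once it is amended as the replies suggest (one IP per line, a space before !music, "all" at the end). It assumes pass tokens are evaluated left to right with the first match deciding; the category contents, the *.example hosts and the client 172.20.21.50 are constructed for illustration.

```python
# Simplified model of squidGuard source matching and left-to-right,
# first-match "pass" evaluation (an assumption of this example).
import ipaddress

# src groups and pass lines from the thread, amended as the replies suggest.
SRC = {
    "ipWartawanHiburan": ["172.20.21.102", "172.20.21.76"],
    "IT": ["172.20.21.186"],
}
ACL = {
    "ipWartawanHiburan": "movies !porn music !spyware !warez !redirector !adv !drugs all",
    "IT": "movies porn !music spyware warez redirector !adv !drugs all",
    "default": "!porn !music !movies !spyware !warez !redirector !adv !drugs all",
}
# Constructed category membership; the real lists live under blacklists/.
DEST = {
    "movies": {"films.example", "both.example"},
    "porn": {"adult.example", "both.example"},
    "music": {"tunes.example"},
}

def source_group(client_ip):
    """Name of the first src group listing client_ip, else 'default'."""
    ip = ipaddress.ip_address(client_ip)
    for name, addrs in SRC.items():
        if any(ip == ipaddress.ip_address(a) for a in addrs):
            return name
    return "default"

def decide(client_ip, host):
    """Return (group, verdict, deciding_token) for one request."""
    group = source_group(client_ip)
    for token in ACL[group].split():
        name = token.lstrip("!")
        if name in ("all", "none"):
            return group, ("pass" if name == "all" else "block"), token
        if host in DEST.get(name, set()):
            verdict = "block" if token.startswith("!") else "pass"
            return group, verdict, token
    return group, "undecided", None  # no token matched; not modelled here

if __name__ == "__main__":
    # 172.20.21.50 is a constructed client that is in no src group.
    for ip, host in [("172.20.21.102", "films.example"),
                     ("172.20.21.50", "films.example"),
                     ("172.20.21.102", "both.example"),
                     ("172.20.21.186", "tunes.example")]:
        print(ip, host, decide(ip, host))
```

Under this model a listed client is passed on a movies host by its own group, so a redirect to the block page with "!movies" as the deciding token means the request was evaluated under default, which is the "Blocked by default rule?" question in the follow-up. The both.example case shows that token order matters when a host sits in two lists.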