Squid - Rules for groups

Started by filhoarrais, September 12, 2016, 02:32:22 PM

Hello,
I looked for options for rules by groups. Is this feature available?

Directly in the configuration file I could create the following rules.

Quote
# ACL  mac address

acl TI arp "/etc/squid3/rules2/mac-nivel8.txt"
acl DIRETORIA arp "/etc/squid3/rules2/mac-nivel7.txt"
acl GERENCIA arp "/etc/squid3/rules2/mac-nivel5.txt"
acl COMUNICACAO arp "/etc/squid3/rules2/mac-nivel6.txt"
acl COMPRAS arp "/etc/squid3/rules2/mac-nivel4.txt"
acl ITMS arp "/etc/squid3/rules2/mac-nivel3.txt"
acl REGULACAO arp "/etc/squid3/rules2/mac-nivel2.txt"
acl BLOQUEADOS1 arp "/etc/squid3/rules2/mac-nivel1.txt"
acl BLOQUEADOS0 arp "/etc/squid3/rules2/mac-nivel0.txt"

# ACL pages

acl NOT-TI url_regex -i "/etc/squid3/rules2/sites-nivel8.txt"
acl NOT-DIRETORIA url_regex -i "/etc/squid3/rules2/sites-nivel7.txt"
acl NOT-COMUNICACAO url_regex -i "/etc/squid3/rules2/sites-nivel6.txt"
acl NOT-GERENCIA url_regex -i "/etc/squid3/rules2/sites-nivel5.txt"
acl NOT-COMPRAS url_regex -i "/etc/squid3/rules2/sites-nivel4.txt"
acl ACCEPT-ITMS url_regex -i "/etc/squid3/rules2/sites-nivel3.txt"
acl ACCEPT-REGULACAO url_regex -i "/etc/squid3/rules2/sites-nivel2.txt"
acl ACCEPT-BLOQUEADOS1 url_regex -i "/etc/squid3/rules2/sites-nivel1.txt"
acl ACCEPT-BLOQUEADOS0 url_regex -i "/etc/squid3/rules2/sites-nivel0.txt"


# Rules
http_access allow ITMS ACCEPT-ITMS
http_access allow BLOQUEADOS0 ACCEPT-BLOQUEADOS0
http_access allow BLOQUEADOS1 ACCEPT-BLOQUEADOS1
http_access allow REGULACAO ACCEPT-REGULACAO
http_access allow TI !NOT-TI
http_access allow DIRETORIA !NOT-DIRETORIA
http_access allow COMUNICACAO !NOT-COMUNICACAO
http_access allow GERENCIA !NOT-GERENCIA
http_access allow COMPRAS !NOT-COMPRAS

How could I create groups of pages to be blocked / allowed by defining a user group, IP, or MAC address?

By using deny instead of allow, and with a different type of ACL ;)

The settings above are applied as they are today in Squid (Debian, for instance). I want to be able to use this same hierarchy in OPNsense, however, through the control panel and not directly in the configuration file.
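
The reply's suggestion (deny rules, other ACL types) written out as a squid.conf fragment; this is an added example, not configuration posted by anyone in the thread. The TI and ITMS ACLs and their file paths come from the first post; the 192.0.2.0/24 range, the TI_NET name and the domains-nivel8.txt file are constructed placeholders.

```conf
# --- Who is asking: two ACL types for defining a group ---

# By MAC address (from the thread). Squid can only resolve the MAC of
# clients on the same subnet as the proxy, and the build must include
# ARP/EUI support, so this does not work across a router.
acl TI   arp "/etc/squid3/rules2/mac-nivel8.txt"
acl ITMS arp "/etc/squid3/rules2/mac-nivel3.txt"

# By source IP range (constructed example range).
acl TI_NET src 192.0.2.0/24

# --- What is requested: two ACL types for defining pages ---

# Case-insensitive regex on the full URL (from the thread).
acl NOT-TI      url_regex -i "/etc/squid3/rules2/sites-nivel8.txt"
acl ACCEPT-ITMS url_regex -i "/etc/squid3/rules2/sites-nivel3.txt"

# Exact destination domains (hypothetical file, one domain per line).
# Cheaper to evaluate than url_regex and harder to match by accident.
acl NOT-TI-DOMAINS dstdomain "/etc/squid3/rules2/domains-nivel8.txt"

# --- Rules: evaluated top to bottom, first matching line wins. ---
# ACLs on the same line are ANDed together.

# Blacklist-style group: deny the listed pages, then allow the rest.
http_access deny  TI NOT-TI
http_access deny  TI NOT-TI-DOMAINS
http_access deny  TI_NET NOT-TI-DOMAINS
http_access allow TI
http_access allow TI_NET

# Whitelist-style group: allow only the listed pages, deny the rest.
http_access allow ITMS ACCEPT-ITMS
http_access deny  ITMS

# Explicit default for every client that matched no group above.
# Without it, Squid applies the opposite of the last http_access line.
http_access deny all
```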