aside from default configuration in squid.conf. i inserted this lines to control web access. i have the "iplist" file, list of ip's to be exluded. "blockyahoo" file, list of yahoo domains to be block at certain time.
acl our_networks src 192.168.0.0/24
acl exceptionip src "etc/squid/iplist"
acl break_time time M T W H F A 12:00-13:00
acl blockyahoo srcdomain "/etc/squid/blockyahoo"
http_access allow our_networks break_time
http_access allow blockyahoo break_time
http_access allow exceptionip
http_access allow localhost
http_access deny all
here is the problem, there are ip's that is being blocked and there are ip's that are seems not affected by the acl. The ip's are obtained from dhcpd server in FC4.
I can spot an error in the blockyahoo acl. You used "srcdomain" instead of "dstdomain". I assume you want to block access to yahoo domains rather than from them.
I assume you also know that Squid exits the access list when a match is made. That means that any IPs in the "exceptionip" acl which are also in the "our_networks" acl will still only be able to gain access during "break_time".
Hope this helps.
but there are IPs that could still browse even it is not included on the iplist exemption file.
If you have not locked down all access to the internet at the IP level using some sort of egress filtering scheme/firewall (e.g. iptables), then PCs will always be able to bypass your Squid proxy. You need to ensure that all clients have to go through the Squid proxy in order to access the internet. Provide some more details about your network if you need more help.
i have dansguardian installed and transparent proxied. all works well, just want to add time-web-access control. if you can give me other method aside from squid, im going to try it. i just want to have a control over the the time-usage