Tip:
Highlight text to annotate it
X
Welcome to this presentaion of time restrictions with SQUID. We are using a very simple SUSE 9.3 distro with just the TWM window manager.
First lets just can root access with the su - command
Squid is already installed. Lets look at the configuartion file /etc/squid/squid.conf
Look at this!, 3,500 lines most of which are comments
First lets make a backup of the squid.conf
We will use grep to remove commented lines ( -ve ^# ) and blank lines ( -ve ^$ ) and send the changes back to squid.conf. grep -ve ^# -ve ^$ squid.conf.orig > squid.conf
So we can now see that we have reduced the lines from 3500 to 35. AMAZING!!
So we will no edit the squid.conf with vi ( or any editor )
The defaulst allows localhost access only. We will add a rule to allow the 172.17.0.0 network in , our local network acl localnet src 172.17.0.0/16
acl localnet src 172.17.0.0/16
Move down to allow access to our new rule. Look for the http_access lines and add a rule BEFORE any DENY
http_access allow localnet
Save the changes ESC : x . And then start the squid server. In SUSE "rcsquid start", other distros may be "service squid start"
And make sure the service will start at boot time with "chkconfig -a squid"
Set your worksation to point to the proxy ipaddress and the default port is 3128
The workstation does not have direct access to the internet but can access web pages through the proxy as it meets the rule from the localnet.
So lets put some time restrictions in. First re-edit the /etc/squid/squid.conf
Add the acl "acl weekday time D 18:00-21:00" D represents Monday through Friday
Edit your http_allow rule to say that the device must be on the local network and weekday evenings.
http_access allow localnet weekday
Save the changes and don't forget to restart or stop and start squid server
Now we see that, as it is not yet 6pm, we cannot access the internet.
We may need to add additonal times for the weekends.
I have ammended the weekday time to include the current time. I will copy and paste that line now.
We will change this to represent the weekend AS (Saturday Sunday ) and 12 till 2 pm. acl weekend time AS 12:00-14:00
We probably still want the evening time as well. So duplicate the first weekend time.
Ammend it ot include 6 pm to 9 pm acl weekend time AS 18:00-21:00
The tow weekend acls combine together to represent 12-2 and 6-9
add a new http_access rule http_access allow localnet weekend
The client can access as it is weekday and I have allowed access after 1 pm. I won't test the weekend acl but it will work :-)