I have Squid running without access restriction. It did not bug me for a very long time, LINUX ROCKS!!! :cool: , until the people on top of the chain of command decided to impose internet access restriction.

I need create an access list that will restrict the unlucky group of people access to the internet during office hours.

I know SQUID can restrict web access by time but can this restriction be applied just to a aprticular group of people leaving the remaining full access to the internet?

I did some digging but what I understand is these restrictions are global. If I added an ACL for time restriction all will be impacted. So I am a little confuse :confused: I am pretty sure this can be done it is jus how.

So I am open to suggestion. Thanks in advance :p

you have design a way to designate the group, the most ideal way is to make your users authenticate to the proxy, there are various ways to integrate into your network ie making seamless authentication with active directory support, or ldap, or nis ect ect

or if you have more fine grained access control, you can just acl them by IP address

thanks for the comment dkeav

lets say i choose to stick to acl by ip address as SQUID is just so cool :p

if my users are smart (which they are), they will be able to work around the proxy by manually specifying an ip address which is not in the acl list. oh ... forgot to mentioned i m using static ip :D

can i wrote the acl in a way that only certain user's are bound to the restriction whereas the remaining remain excluded :p

p/s i know sometimes i sounded demanding, so my apologies :D

one you should use dhcp (and assign ip's statically based on mac address) static ip's on the client end is disorganized and annoying

two you will probably want to use the authentication method instead then, you can then place users in that are not allowed into a designated group and apply the acl to allow all users !<banned> !==not

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_S quid#Restricting_Web_Access_By_Time

just a though ;)

according to the link above i can implement Password Authentication Using NCSA
can i create 2 "squid_passwd" files
one for access after office hours
one for no restriction

by keeping order of the statement in mind will SQUID be smart enough to differentiate which is which?
if yes i think my problem is solve then :)

dkav: thanks for the dhcp sugestion. i will giv it a try :D