How to configure source IP acls in SquidGuard

If you have policies in place granting some people access to more sites than others you have different options how to implement this policy. One way is to define source IP acls. This can only work if your user groups are well separated within your network.
Assuming that this is the case you can now define the source IP ranges in your squidGuard.conf the following way:

Defining source IP addresses
src admins {
        ip      192.168.2.0-192.168.2.255
        ip      172.16.12.0/255.255.255.0
        ip      10.5.3.1/28
}

You can secify IP addresses directly as well as defining IP ranges using a from-to notation, defining the netmask or use the netmask prefix abbreviation.
Annotation: If you have many network definitions for a user group you can put that info into a separate file and just tell your squidGuard.conf about the location of the file. In this case you write in your squidGuard.conf:

src admins {
        iplist      adminlist
}

SquidGuard will look for a file called adminlist located wherever you pointed your dbhome directive to. Alternatively you can specify an absolute path with your filename. The file itself holds the information in the following style:

192.168.2.0-192.168.2.255
172.16.12.0/255.255.255.0
10.5.3.1/28

, , , , ,

Squid



Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Categories

Recent Posts