acl workhours time MTWHF 9:00-18:00
# only include lunchtimes
acl lunchtimes time MTWHF 13:00-14:00
# only include weekends
acl weekends time AS 00:00-23:59
# include URLs ending in ".zip". Note: the \ is important,
# because "." has a special meaning otherwise
acl zipfiles url_regex -i \.zip$
# include URLs starting with https
acl httpsurls url_regex -i ^https
# include all URLs that match "hotmail"
acl hotmail url_regex -i hotmail
# include three specific IP addresses
acl directors src 10.0.0.14 10.0.0.28 10.0.0.31
# include all IPs from 192.168.0.0 to 192.168.0.255
acl internal src 192.168.0.0/24
# include all IPs from 192.168.0.0 to 192.168.0.255
# and all IPs from 10.0.0.0 to 10.255.255.255
acl internal src 192.168.0.0/24 10.0.0.0/8
When you have your ACL lines in place, you can put together appropriate
http_access lines. For example, you might want to use a multilayered
access system so that certain users (for example, company directors) have full
access, whereas others are filtered. Here is an example:
http_access allow directors
http_access deny hotmail
http_access deny zipfiles
http_access allow internal lunchtimes
http_access deny all
Because Squid matches these lines in order, directors will have full, unfiltered
access to the web. If the client IP address is not in the directors list, the two
deny lines are processed so that the user cannot download zip files or read
online mail at Hotmail. After blocking those two types of requests, the allow
rule on line 4 allows internal users to access the web, as long as they do so
only at lunchtime. The last line (which is highly recommended) blocks all
other users from the proxy.
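The first-match evaluation described above, modelled in Python as an added example (not code from the original text or from the Squid project). The client addresses, URLs and dates are constructed sample input, and the model is a simplification that covers only the src, url_regex and time ACL types used here.

```python
import ipaddress
import re
from datetime import datetime

# Squid day codes, indexed by datetime.weekday() (Monday == 0; A=Sat, S=Sun)
DAY_CODES = "MTWHFAS"

def src(*nets):
    nets = [ipaddress.ip_network(n) for n in nets]
    return lambda r: any(ipaddress.ip_address(r["ip"]) in n for n in nets)

def url_regex(pattern):
    rx = re.compile(pattern, re.IGNORECASE)  # models the -i flag
    return lambda r: rx.search(r["url"]) is not None

def time_acl(days, start, end):
    # start/end must be zero-padded HH:MM so string comparison is valid
    def match(r):
        t = r["when"]
        return DAY_CODES[t.weekday()] in days and start <= t.strftime("%H:%M") <= end
    return match

ACLS = {
    "directors": src("10.0.0.14", "10.0.0.28", "10.0.0.31"),
    "internal": src("192.168.0.0/24", "10.0.0.0/8"),
    "hotmail": url_regex(r"hotmail"),
    "zipfiles": url_regex(r"\.zip$"),
    "lunchtimes": time_acl("MTWHF", "13:00", "14:00"),
    "all": lambda r: True,
}

# Same order as the http_access lines; ACLs on one line are ANDed together
RULES = [("allow", ["directors"]), ("deny", ["hotmail"]), ("deny", ["zipfiles"]),
         ("allow", ["internal", "lunchtimes"]), ("deny", ["all"])]

def http_access(r):
    """Return (action, 1-based rule number) of the first rule whose ACLs all match."""
    for n, (action, names) in enumerate(RULES, 1):
        if all(ACLS[name](r) for name in names):
            return action, n
    return "deny", 0  # not reached here: "deny all" always matches

def request(ip, url, when):
    """Build a constructed sample request; `when` is an ISO timestamp."""
    return {"ip": ip, "url": url, "when": datetime.fromisoformat(when)}

if __name__ == "__main__":
    # 2024-01-03 is a Wednesday; all values below are constructed samples
    print(http_access(request("10.0.0.14", "http://example.com/a.zip", "2024-01-03T10:00")))
    print(http_access(request("192.168.0.50", "http://example.com/", "2024-01-03T10:00")))
```

Moving a deny line above the directors line, or dropping the final deny all, changes which rule number a request lands on, which is a quick way to check a reordering before editing the real configuration.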