Problem
Continuing from exercise three, write and apply an ACL policy that meets the following requirements:
Allow the 192.168.4.0/24 network segment to access the extranet through the proxy from Monday to Friday, 09:30 to 18:00
The host with IP address 192.168.4.205 cannot access the extranet through the proxy at any time
4.2 Solutions
Access control lists are defined with the acl directive.
Access control lists are applied with http_access.
http_access policy and rule order:
http_access allows or denies a class of users access to the proxy based on the access control list;
http_access rules are matched in the order in which they are written, and matching stops as soon as one rule matches;
An access list can consist of multiple rules;
If no rules match the access request, the default action will correspond to the last rule in the list;
http_access defines an allow rule with allow;
http_access defines a deny rule with deny.
4.3 Steps
The implementation of this case needs to follow the steps below.
Step One: Configure the Squid access control list
1) Modify the configuration file
[[email protected] ~]# vim /etc/squid/squid.conf
.. ..
# Define working hours (Monday to Friday, 09:30 to 18:00)
acl work_hours time MTWHF 09:30-18:00
# Define the network segment
acl LAN1 src 192.168.4.0/24
# Define the host
acl PC1 src 192.168.4.205
# Comment out the default localnet rule
#http_access allow localnet
# Deny the host at all times; placed first because PC1 is also inside LAN1 and the first matching rule wins
http_access deny PC1
# Allow hosts in the network segment to use the proxy during working hours
http_access allow LAN1 work_hours
# Reject everything else
http_access deny all
2) Restart the Squid service
[[email protected] ~]# service squid restart
Stopping squid: [ OK ]
Starting squid: . [ OK ]
Step Three: Client testing
Change the client IP address and verify whether the proxy server can be used at the corresponding times.
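The results to expect from this client test follow from the first-match rule in 4.2. The Python model below is an added example, not part of the original exercise: it builds the three ACLs from the stated requirements and evaluates the same http_access rules in two orders, showing that the rule for 192.168.4.205 must come before the rule for the segment. The helper names, client addresses and dates are constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

DAY_CODES = "MTWHFAS"  # Squid day letters, indexed by datetime.weekday()

def src(cidr):
    """ACL type 'src': client address inside the given network."""
    net = ip_network(cidr)
    return lambda ip, when: ip_address(ip) in net

def time_acl(days, span):
    """ACL type 'time': day letters plus an HH:MM-HH:MM window."""
    start, end = span.split("-")
    return lambda ip, when: (DAY_CODES[when.weekday()] in days
                             and start <= when.strftime("%H:%M") <= end)

ACLS = {
    "work_hours": time_acl("MTWHF", "09:30-18:00"),
    "LAN1": src("192.168.4.0/24"),
    "PC1": src("192.168.4.205"),
    "all": src("0.0.0.0/0"),
}

def decide(rules, ip, when):
    """First rule whose ACLs all match decides; later rules are not checked."""
    for action, *names in rules:
        if all(ACLS[name](ip, when) for name in names):
            return action
    raise LookupError("no rule matched")  # unreachable: lists end in 'all'

# Order that meets both requirements: the host rule comes first.
HOST_FIRST = [("deny", "PC1"), ("allow", "LAN1", "work_hours"), ("deny", "all")]
# Same rules, segment rule first: PC1 is inside LAN1 and matches it first.
SEGMENT_FIRST = [("allow", "LAN1", "work_hours"), ("deny", "PC1"), ("deny", "all")]

# Constructed test cases: (client IP, request time).
CASES = [
    ("192.168.4.10", datetime(2024, 1, 8, 10, 0)),    # Monday 10:00
    ("192.168.4.10", datetime(2024, 1, 8, 20, 0)),    # Monday 20:00
    ("192.168.4.10", datetime(2024, 1, 13, 10, 0)),   # Saturday 10:00
    ("192.168.4.205", datetime(2024, 1, 8, 10, 0)),   # PC1, Monday 10:00
    ("192.168.4.205", datetime(2024, 1, 8, 20, 0)),   # PC1, Monday 20:00
]

def results(rules):
    return [decide(rules, ip, when) for ip, when in CASES]

if __name__ == "__main__":
    for (ip, when), a, b in zip(CASES, results(HOST_FIRST), results(SEGMENT_FIRST)):
        print(f"{ip:14} {when:%a %H:%M}  host-first={a:5}  segment-first={b}")
```

Only the fourth case differs between the two orders: with the segment rule first, 192.168.4.205 is allowed during working hours.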