Hi all,

I was asked to setup squid to allow access to only certain sites during
certain times and allow unrestricted aceess at other times.
This was in a classroom environment; the professor wanted users to be
able to surf the web freely only during break times which in this case
were 0930-0945 and 1100-1130.

I setup the following acls:

acl allowedhosts src 192.168.2.0/24
acl professor src 192.168.2.8
acl allowedsites1 dstdomain "/etc/squid/allowedsites1"
acl morning time MTWHF 00:00-08:00
acl break time MTWHF 09:30-09:45
acl lunch time MTWHF 11:00-11:30
acl night time MTWHF 13:00-24:00

http_access allow professor
#http_access allow allowedhosts
http_access allow allowedhosts allowedsites1
http_access allow allowedhosts morning
http_access allow allowedhosts break
http_access allow allowedhosts lunch
http_access allow allowedhosts night
http_access deny all

Below is an explaination of the acls:

acl allowedhosts src 192.168.2.0/24 (define the network,
anyone on the network is part of allowedhosts)
acl professor src 192.168.2.8 (professor has static ip and
full access as defined below)
acl allowedsites1 dstdomain "/etc/squid/allowedsites1"
(refers to location of list of allowable site file, make sure
to use quotation marks)
acl morning time MTWHF 00:00-08:00 (each of these lines simply
defines a period of time)
acl break time MTWHF 09:30-09:45
acl lunch time MTWHF 11:00-11:30
acl night time MTWHF 13:00-24:00

http_access allow professor (allows the professor unrestricted access)
#http_access allow allowedhosts (at times it may be
necessary to allow everyone unrestricted access during
restricted time, this line would need to be enabled and the line
below remmed out and squid restarted)
http_access allow allowedhosts allowedsites1 (this line allows
allowedhosts access to only the sites
listed in allowedsites1)
http_access allow allowedhosts morning (these line simpy
correspond with the acl definitions listed above)
http_access allow allowedhosts break
http_access allow allowedhosts lunch
http_access allow allowedhosts night
http_access deny all (this line denys access to anyone not defined
elsewhere)

Keep in mind squid reads acl lines from the top down and once it finds a
line whose condition it can meet it looks no further.

I hope this help,

Dan Kirk