Access Rules


The access rules are defined in the Rules section on the Filtering page. The [match] line must precede the rules definition.

The if operator is used to define the rules.

The if operator syntax:

if BOOL_EXPR {
 config_block
}

where BOOL_EXPR is a logical expression, and config_block is a list of parameters to which new values are to be assigned, different from the global values specified on the Filtering page (in the Content section).

Examples

If it is necessary to block access to Internet resources from the Adult and Email lists during working hours of the local network users, as well as block access from a certain IP address, you can specify the following rule:

[match]
if (local_ip() ||
   request_ip <<= "87.249.57.20") &&
   worktime()
{
 BlockAdult = yes
 BlockEmail = yes
}

If you want to block access to Internet resources from the Terrorism list during night time (from 23:00 to 8:00) for certain IP addresses, you can specify the following rule:

[match]
if (request_ip <<= "93.185.182.46" ||
   request_ip <<= "195.98.93.66") &&
   (system_time>="23:00" ||
   system_time<="8:00")
{
 BlockTerrorism = yes
}

To prevent Internet access during nonworking time for the "edx" user:

[match]
if request_username=="edx" && !worktime()
{
 BlockAll = yes
}

Note that the local_ip() and worktime() macros used in the examples must be predefined.

To block access to a certain Internet resource for all users whose name matches the "john.*" regular expression, matches any regular expression specified in a file, or equals one of the lines in a file, use the following rule:

[match]
if (request_username ~ "john.*" ||
   request_username ~ file:"/tmp/icapd/users_re_block.txt" ||
   request_username == file:"/tmp/icapd/users_block.txt") &&
   (request_url == "http://example.com/mega_music.mp3")
{
 BlockAll = yes
}

Note that setting the BlockAll parameter value to No does not mean enabling access to all resources when the rule is true. In this case, access to a resource is allowed if it is either included in the user-defined white list or not included in the active black lists (both the blocked categories of Internet resources and the user-defined black lists). To manage active categories and user-defined white and black lists, use the Filtering page.

If, in normal mode, access to resources is blocked because they are on the black lists, but access to some of these resources must be allowed, specify a corresponding rule.

For example, suppose access to socialnetwork.com must be allowed for users whose IP address is within the 192.168.1.1/32 network range, even though this resource is included in the SocialNetwork and Chats active categories:

if (request_ip <<= "192.168.1.1/32") && (request_url ~ "socialnetwork.com")
{
 BlockSocialNetwork = no
 BlockChats = no
}

This rule allows access to resources included in SocialNetwork and Chats active categories only if both of the following conditions are true:

client's IP address is within the 192.168.1.1/32 range

the requested URL contains the socialnetwork.com substring.

Otherwise, the global settings specified on the Filtering page (Content section) are applied. Note that if a resource matches several categories, blocking of the resource must be disabled for every one of those categories.
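
The following Python sketch is an added example, not part of the product or of the original page. It models the decision described above for the socialnetwork.com rule, so the effect of overriding only one of several matching categories, or of setting BlockAll = no, can be checked. The global values, category membership, list contents and function names are constructed assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Global values from the Filtering page, Content section (constructed sample).
GLOBAL = {"BlockAll": "no", "BlockSocialNetwork": "yes",
          "BlockChats": "yes", "BlockAdult": "no"}

# Constructed data: category membership per host, user-defined white/black lists.
CATEGORIES = {"socialnetwork.com": {"SocialNetwork", "Chats"},
              "adult.example": {"Adult"}}
WHITE_LIST = {"intranet.example"}
BLACK_LIST = {"blocked.example"}


def rule_matches(client_ip, url):
    """Condition of the rule: request_ip <<= network && request_url ~ regex."""
    in_net = ip_address(client_ip) in ip_network("192.168.1.1/32")
    # "~" is modelled as an unanchored search: the URL contains the pattern.
    return in_net and re.search(r"socialnetwork.com", url) is not None


def effective_settings(client_ip, url, config_block):
    """Global values, overridden by config_block only when the rule is true."""
    settings = dict(GLOBAL)
    if rule_matches(client_ip, url):
        settings.update(config_block)
    return settings


def blocking_categories(host, settings):
    """Active categories (Block<Name> = yes) that contain the host."""
    return {c for c in CATEGORIES.get(host, set())
            if settings.get("Block" + c) == "yes"}


def is_allowed(client_ip, url, config_block):
    settings = effective_settings(client_ip, url, config_block)
    host = re.sub(r"^\w+://", "", url).split("/")[0]
    if settings["BlockAll"] == "yes":
        return False  # assumption: BlockAll = yes denies the request outright
    if host in WHITE_LIST:
        return True   # the user-defined white list allows the resource
    if host in BLACK_LIST:
        return False  # the user-defined black list is an active black list
    # Allowed only if no active category still blocks the host.
    return not blocking_categories(host, settings)
```

With a config_block that sets only BlockSocialNetwork = no, the model still denies the request, because the Chats category remains active for the same resource.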