Example Usage

If it is necessary to block access to Internet resources from the Adult and Email lists during working hours of the local network users, as well as block access from a certain IP address, you can specify the following rule:

[match]
if (local_ip() ||
   request_ip <<= "87.249.57.20") &&
   worktime() {
 BlockAdult = yes
 BlockEmail = yes
}

If you want to block access to Internet resources from the Terrorism list during night time (from 23:00 to 8:00) for certain IP addresses, you can specify the following rule:

[match]
if (request_ip <<= "93.185.182.46" ||
   request_ip <<= "195.98.93.66") &&
   (system_time>="23:00" ||
   system_time<="8:00")
{
 BlockTerrorism = yes
}

To prevent Internet access during nonworking time for "edx" user:

[match]
if request_username=="edx" && !worktime()
{
 BlockAll = yes
}

Note that worktime() function, used in the examples, must be predefined in the [def]section.

To block access to a certain Internet resource for all users whose name either matches the "john .*" regular expression, or any regular expression specified in the file, or one of the lines in the file, use the following rule:

[match]
if (request_username ~ "john.*" ||
request_username ~ file:"/tmp/icapd/users_re_block.txt"
|| request_username == file:"/tmp/icapd/users_block.txt")
&& (request_url=="http://example.com/mega_music.mp3")
{
 BlockAll = yes
}

Note that setting the BlockAll parameter value to No does not mean enabling access to all resources when the rule is true. In this case, access to a resource is allowed if it is either included in user-defined white list or not included in active black lists (in both <NAME> content-specific lists, which are active when the corresponding Block<Name> parameters are set to Yes, and user-defined black lists).

If in normal mode access to resources is blocked due to being on the black lists, but it is required to allow access to some of these resources, specify a corresponding rule.

For example, let it be required to allow access to socialnetwork.com for users whose IP address is within 192.168.1.1/32 network range, despite this resource being included in SocialNetwork and Chats active black lists.

if (request_ip <<= "192.168.1.1/32") && (request_url ~ "socialnetwork.com")
{
BlockSocialNetwork = no
BlockChats = no
}

This rule allows access to resources included in SocialNetwork and Chats black lists only if both of the following conditions are true:

•client's IP address is within the 192.168.1.1/32 range

•the requested URL contains the socialnetwork.com substring.

Otherwise, global settings, specified in the configuration file, are applied. Note that if a resource matches several black list categories, it is required to disable blocking of the resource by all of the black lists.