Hi !!
We are trying to prevent the download of software from some of our users, and we have managed do to that, for test purposes, using http_reply_access combined with user acls.
Now that everything is ok, we would like to apply these rules combined with windows groups (we use ntlm authentication).
We have read a message posted by Henrik Nordstrom stating that http_reply_access cannot wait for external acl, but suggesting the following workaround:
"You can work around this quite well (but not 100%) by making sure the same acls is evaluated in http_access, allowing Squid to cache the result before processing your http_reply_access rules. A simple method to have acls evaluated in http_access without affecting the http_access outcome is to use combine them with a dummy acl that will never match anything
acl nothing src 0.0.0.0/32 http_access deny acl_that_needs_to_be_evaluated nothing somewhere before where access is allowed.."
I didn´t really understand how does it work... By doing this, can I use "acl_thar_needs_to_be_evaluated", wich, in our case, would be an external acl using wbinfo_group.pl, in a http_reply_access rule? Or, better yet, is there a simpler way to do that?
Thanks in advance, Carlos Zottmann.
