Hi !!
I have sent this message to the list yesterday, but, as I didn´t receive any answers, I thougth that it may not have been received ...
We are trying to prevent the download of software from some of our users, and we have managed do to that, for test purposes, using http_reply_access combined with user acls.
Now that everything is ok, we would like to apply these rules combined with windows groups (we use ntlm authentication).
We have read a message posted by Henrik Nordstrom stating that http_reply_access cannot wait for external acl, but suggesting the following workaround:
"You can work around this quite well (but not 100%) by making sure the same acls is evaluated in http_access, allowing Squid to cache the result before processing your http_reply_access rules. A simple method to have acls evaluated in http_access without affecting the http_access outcome is to use combine them with a dummy acl that will never match anything
acl nothing src 0.0.0.0/32 http_access deny acl_that_needs_to_be_evaluated nothing somewhere before where access is allowed.."
I didn´t really understand how does it work... By doing this, can I use "acl_thar_needs_to_be_evaluated", wich, in our case, would be an external acl using wbinfo_group.pl, in a http_reply_access rule? Or, better yet, is there a simpler way to do that?
Thanks again, Carlos Zottmann.
