Search squid archive

configuring Squid to authenticate AND to log users' access to forbidden sites.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Squid ubergeeks,

I am configuring a Squid (2.5-STABLE9 in a Fedora Core 4) to authenticate users into a LDAP directory. Having succeeded in that configuration, my next challenge is to implement access control AND logging of users' accesses to forbidden sites.

I created two url_regex lists, semacesso.txt for porn and other banned sites and liberado.txt, which contain regexes for sites that, not being porn or any other crap, could be blocked because they contain a substring appearing to be a porn site (eg esSEX.ac.uk). 

I have two problems to solve:

1)  My Squid.conf relevant lines below:

[...]
acl autenticados proxy_auth REQUIRED
[...]
acl liberado dstdom_regex "/etc/squid/liberado.txt"
acl semacesso dstdom_regex "/etc/squid/semacesso.txt"
[...]
http_access allow autenticados

http_access allow liberado
http_access deny semacesso
[...]
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
[...]

In this configuration it allows an authenticated user to access any site, even the forbidden ones. OTOH, I put the 'liberado' and 'semacesso' lines ABOVE the authentication line, the user does not access forbidden sites and Squid logs that into Cache.log, but WITHOUT the lame user's login.

2) Is there a better way to permit access to non-pornographic sites (eg esSEX.ac.uk) but block pornographic ones (eg SEX.com)? 

TIA,

Marlon Borba, CISSP.



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux