> -----Original Message----- > From: Yong Bong Fong [mailto:bfyong@xxxxxxxxxxxxxxx] > Sent: Tuesday, September 13, 2005 5:02 PM > To: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Restricting certain users to certain urls > > > Hi Christoph, > > I got problem again. Squidguard acl was problematic it > didn't work > quite well. Now I am trying on Squid acl to restrict certain users to > certain urls. I also have ldap authentication for my squid. Following > are my acls: > > acl abc ident andy > acl blocksites dstdomain .google.com > > http_access deny abc blocksites > http_access allow ldap_group-www Change these lines to... acl abc proxy_auth andy acl allowsites dstdomain .google.com http_access allow abc allowsites # Allow andy to surf google http_access deny abc # Prevent andy from surfing elsewhere http_access allow ldap_group-www # Allow ldap_group-www to surf > > What I am trying to achieve is to only allow Andy (who is > grouped in abc > above) to access google.com only. Other sites are blocked for him. I > tried it but it didn't work quite well, it does block > google.com but not > just for andy, it blocks all other users too. > Apparently the problem must be something to do with the "acl > abc ident > andy". When I retsarted squid the first time after changing the > configuration, its fine. But second time the following > message came out: > > # service squid restart > Stopping squid: 2005/09/14 08:48:49| squid.conf line 1791: > acl abc ident > bfyong > 2005/09/14 08:48:49| aclParseAclLine: Invalid ACL type 'ident' > 2005/09/14 08:48:49| squid.conf line 1821: http_access allow > abc blocksites > 2005/09/14 08:48:49| aclParseAccessLine: ACL name 'abc' not found. > > Any idea what is wrong? seems like it is not checking the username > thingi to do the acl..... > please help me to identify my problem..thanks a lot for > taking time helping. > thanks a lot... > > You are not using ident to gather usernames (instead it looks like you are using a basic authenticator) so you need to use proxy_auth acls. Chris
