dhottinger@xxxxxxxxxxxxxxxxxxxxxx wrote:
Quoting ian j hart <ianjhart@xxxxxxxxxxxx>:
On Friday 07 December 2007 23:49:35 Amos Jeffries wrote:
[Apologies in advance if I've misunderstood anything, it's late (early) and
I'm somewhat brain dead. This time zone thing's a killer]
ian j hart wrote:
> On Friday 07 December 2007 00:58:31 Adrian Chadd wrote:
>> So if I get this right, you'd like to log the acl list that passed or
>> failed the user?
>>
>>
>>
>> Adrian
>
> Near enough.
>
> I want to log the aclname (or custom error page name) and the username.
> I'll probably want the url in short order, followed by anything else that
> proves useful.
>
> I want to do this for users who are denied access.
>
> [The more general solution you state above would probably be okay too. I
> might need to add DENY/ACCEPT so I can include that in the regexp.]
>
> <tangent>
> Here's an example of how this might be generally useful. I have three
> different proxy ACLs.
>
> A url_regexp
> A dstdomain list harvested from a popular list site
> A "daily" list gleaned from yesterday's access summary
Problem:
If a student can get through all day today what's to stop them?
Nothing. But here's what I hope will happen. (I probably shouldn't reveal
this, but what the hey).
I've missed most of this discussion. But it sounds like you may have
gotten this to work. Is there a recap? I'd really like to see your
squid.conf (at least snippets that pertain to this). Are you running a
transparent proxy? Do you run any kind of commercial filter? I've been
struggling with this same thing. Now I catch this through my snort
logs, and looking at access_logs for denied hits. I also block quite a
few sites at my firewall, but it is impossible to stop. I do seem to
have more support from administration than you.
Here be mine squid.conf entry:
external_acl_type surbl_test ipv6 ttl=5 negative_ttl=5 %SRC %DST /etc/squid6/helper/rhsbl.sh multi.surbl.org RHSBL
acl surbl_clean external surbl_test
deny_info http://treenet.co.nz/errors/squid-404.php?RBL-SURBL-%m&err=%o&url=%s surbl_clean
http_access deny all !surbl_clean
The helper is a little complex doing a DNSBL re-formatting and lookup
before returning OK/ERR to squid.
FYI: SURBL is an anti-malware RHSBL which lists domains advertised in
Spam or known for malware distribution.
There is no reason particularly why the helper can't do a lookup
elsewhere for a locally built list via another medium.
Amos
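
A sketch of a helper for an external_acl_type line like the one above, added here as an example; it is not the rhsbl.sh from the message and not Squid project code. It assumes the default one-request-per-line helper protocol (no concurrency channel IDs), queries the hostname as given without reducing it to a registered domain, and uses the helper reply keywords message= (shown by %o in deny_info) and log= (available to logformat as %ea) so that a denied request carries the list name into the error page and access.log.

```python
#!/usr/bin/env python3
"""Squid external ACL helper sketch: RHSBL lookup on %DST (added example)."""
import ipaddress
import socket
import sys

ZONE = "multi.surbl.org"  # zone named in the squid.conf line above


def query_name(dst, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, hostnames as-is."""
    host = dst.strip().rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return f"{host}.{zone}"
    if ip.version != 4:
        return None  # assumption: this sketch does no IPv6 lookups
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def dns_a(name):
    """Return the A records for name, or [] on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (OSError, UnicodeError):
        return []  # note: a resolver outage therefore fails open (OK)


def answer(line, resolve=dns_a):
    """Map one '%SRC %DST' request line to the helper's reply line."""
    fields = line.split()
    if len(fields) != 2:
        return "ERR message=bad-request"
    _src, dst = fields
    name = query_name(dst)
    listed = name is not None and any(
        addr.startswith("127.") for addr in resolve(name))
    if listed:
        # ERR means "not surbl_clean", so http_access denies the request.
        return f"ERR message=listed-on-{ZONE} log=surbl:{dst}"
    return "OK"


if __name__ == "__main__":
    for request in sys.stdin:
        print(answer(request), flush=True)  # one unbuffered reply per request
```

The resolve parameter lets the lookup be swapped for a locally built list, which is the substitution suggested at the end of the message.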