Bert Rapp wrote:
I'm currently running squid with squidGuard. (I know this isn't a
squidGuard list, but it's part of my setup.) I'm using squidGuard to
filter access to certain sites. Our users have both IE and Firefox
installed on their workstations. What I'd like to do now is let
Firefox browse most of the internet while only letting IE have access
to a very limited list of sites.
I've been reading about the browser acl in squid, but it appears that
it's an all or nothing option.
Here's an example of how I expect to use it:
acl mozacl browser MOZILLA
http_access allow mozacl
http_access deny all
But I think this would block access completely to IE.
I'm guessing the feature I'm looking for would need to come from
squidGuard (from what I can tell squidGuard doesn't look at the user
agent) or another type of redirector.
Has anyone else done this or have any suggestions? Are my assumptions
correct?
Sure the ACL is all-or-nothing, but combined with other acls, you can
perform this task with ease.
Assuming you understand that User-Agents can be easily changed, I think
you would be well served by...
acl InternetExplorer browser MSIE
acl IEAllowedSites dstdomain .example.com .microsoft.com
http_access allow InternetExplorer IEAllowedSites
http_access deny InternetExplorer
deny_info ERR_MSIE_RESTRICTED InternetExplorer
Obviously you'd need to make the deny_info page explaining the
restrictions on IE, or leave that last line off, and just hand out a
generic access denied page.
Have a look at the FAQ section on ACLs for more:
http://wiki.squid-cache.org/SquidFaq/SquidAcl
Chris
