Prasad J Pandit wrote:
> Hello Rodrigo, hello all!
> I'm trying to implement the per user access restriction using Squid.
> I've put the acls for each user in a separate file like user-acl.txt.
> For example, my `guest-acl.txt' looks like:
> ===
> acl guest_ip dst some-ip/32
> acl guest_mail dstdom_regex mail.google* www.
> acl guest_dom dstdomain .google.com
> http_access allow guest_ip
> http_access allow guest_mail
> http_access allow guest_dom
> ===
> So the `guest' user will only be allowed to access <some-ip> and her
> gmail account.

Then you will need to extend those http_access lines to include more
than one ACL.
ie http_access allow guest_ip guest_dom
Instead of all the above. What you have currently will let _anyone_
access _any_ of the ACL matches. some-ip or *.google.com or
mail.google.hijacked-serve.com, or www.any-server-anywhere.com, etc.

> Now, I've quite a few such files. What I'd like to have is I just
> include these files into the squid.conf file like
> include <guest-acl.txt>
> include <root-acl.txt>
> ...
> include <gobman-acl.txt>
> And depending upon which one is commented/uncommented squid would
> include the acls from the respective files (Snort does it really well).
> I'm trying to do this with the `acl external' & `external_acl_type', but
> don't see any light so far.
> Could you please tell me if this can be done, and how if yes? One more
> thing is, I can not use squid for authentication, I've to use something
> else for that.

There is a patchset to both squid-2 and squid-3 for the include directive.
It will be included native in 2.7 and 3.0.STABLE2+ (due out within the
week, daily snapshots of 3.0 are just undergoing final tests and checks
before release).
Amos
--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
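
The rule semantics discussed in this thread, as an added example that is not part of the original messages or of Squid itself: a small Python model of http_access evaluation (ACLs on one line are ANDed, lines are tried in order, first match wins) run against the posted guest ACLs. The `guest_src` ACL, the client addresses and the `192.0.2.10` stand-in for `some-ip` are constructed assumptions.

```python
import ipaddress
import re

# ACL matchers modelled on the Squid ACL types used in the thread.
def dst(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda req: ipaddress.ip_address(req["dst_ip"]) in net

def src(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda req: ipaddress.ip_address(req["client"]) in net

def dstdom_regex(*patterns):
    # Unanchored search against the host name, as a regex ACL does.
    return lambda req: any(re.search(p, req["host"]) for p in patterns)

def dstdomain(suffix):
    # ".google.com" matches google.com and every subdomain of it.
    return lambda req: req["host"] == suffix[1:] or req["host"].endswith(suffix)

ACLS = {
    "guest_ip": dst("192.0.2.10/32"),      # constructed stand-in for some-ip
    "guest_mail": dstdom_regex(r"mail.google*", r"www."),
    "guest_dom": dstdomain(".google.com"),
    "guest_src": src("10.0.0.50/32"),      # hypothetical: the guest's workstation
}

def http_access(rules, req):
    """First matching line wins; every ACL named on a line must match (AND)."""
    for action, names in rules:
        if all(ACLS[n](req) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line.
    # Every line modelled here is "allow", so the result is deny.
    return "deny"

# The rules as posted, and the same rules with a client ACL added to each line.
ORIGINAL = [("allow", ["guest_ip"]), ("allow", ["guest_mail"]), ("allow", ["guest_dom"])]
PER_USER = [("allow", ["guest_src", n]) for n in ("guest_ip", "guest_mail", "guest_dom")]

def check(rules, client, host, dst_ip="203.0.113.7"):
    return http_access(rules, {"client": client, "host": host, "dst_ip": dst_ip})

if __name__ == "__main__":
    for client in ("10.0.0.50", "10.0.0.99"):  # the guest, then another client
        for host in ("mail.google.com", "mail.google.hijacked-serve.com",
                     "www.any-server-anywhere.com", "example.org"):
            print(client, host, check(ORIGINAL, client, host), check(PER_USER, client, host))
```

Adding a client ACL to each line restricts who is matched, but the unanchored `mail.google*` and `www.` patterns still match the look-alike host names named in the reply, so the regex ACL needs tightening separately.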