Curt Coleman wrote:
I am looking to use squid to content filter public computers. Currently I
have it setup and running on a few test machines. When someone attempts to
access a restricted site, I have a custom 'access denied' page that appears.
I would like for this page to contain a field to insert credentials that
would allow bypassing the filtering. Is this doable?
Yes. Have an external_acl that checks a repository of IPs (be it a flat
file, a database or a hash in memory) and change the http_access deny
line that blocks requests to the restricted sites use this acl NANDed
with the list. The custom access denied page allows entering
credentials to bypass the filtering (which updates the mentioned
repository).
In essence...
acl restrictedSites dstdomain .restricted.com .clearancerequired.com
external_acl_type allow-restricted ttl=5 concurrency=50 %SRC
/usr/local/squid/bin/restricted-ip-authenticator
acl allowRestrictedIP external allow-restricted
http_access deny restrictedSites !allowRestrictedIP
deny_info http://my.host/enterCredentialsForAccess.html allowRestrictedIP
...where the script /usr/local/squid/bin/restricted-ip-authenticator,
and the CGI form called by http://my.host/enterCredentialsForAccess.html
are left as an exercise for the reader. The session helper included in
Squid releases later than 2.6 might be a good starting point.
Thanks in advance.
CC
Chris