Search squid archive

Re: bypass squid filtering using credentials

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Curt Coleman wrote:
I am looking to use squid to content filter public computers.  Currently I
have it setup and running on a few test machines.  When someone attempts to
access a restricted site, I have a custom 'access denied' page that appears.
I would like for this page to contain a field to insert credentials that
would allow bypassing the filtering.  Is this doable?

Yes. Have an external_acl that checks a repository of IPs (be it a flat file, a database or a hash in memory) and change the http_access deny line that blocks requests to the restricted sites use this acl NANDed with the list. The custom access denied page allows entering credentials to bypass the filtering (which updates the mentioned repository).

In essence...

acl restrictedSites dstdomain .restricted.com .clearancerequired.com
external_acl_type allow-restricted ttl=5 concurrency=50 %SRC /usr/local/squid/bin/restricted-ip-authenticator
acl allowRestrictedIP external allow-restricted
http_access deny restrictedSites !allowRestrictedIP
deny_info http://my.host/enterCredentialsForAccess.html allowRestrictedIP

...where the script /usr/local/squid/bin/restricted-ip-authenticator, and the CGI form called by http://my.host/enterCredentialsForAccess.html are left as an exercise for the reader. The session helper included in Squid releases later than 2.6 might be a good starting point.

Thanks in advance.

CC

Chris

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux