Search squid archive

RE: ACL auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



HI Essad,

I use acl authenticate proxy_auth REQUIRED where every user have there own username & password to get on to the internet.

Would the below example still work?

Thanks

Andrew

From: Essad Korkic [mailto:essad.korkic@xxxxxxxxx] 
Sent: 26 August 2011 13:14
To: squid-users@xxxxxxxxxxxxxxx; Andrew Burger
Subject: Re:  ACL auth

Andrew, 
 
If you use LDAP to authenticate your users you could try this:
 
A small example:
 
# LDAP helper to get the appropriate groups
external_acl_type ldap_blocked_sites ttl=3600  negative_ttl=3600 %LOGIN /usr/lib64/squid/squid_kerb_ldap -i -g "AD_GROUP_BlockedSites"@ -b "ou=users,dc=example,dc=com" -D REALM.EXAMPLE.COM -S dc1.example.com,dc2.example.com
 
#Create an acl with the blocked sites:
acl blacklist dstdomain "/etc/myblockedsites.txt"
 
#Then map the External ACL to the internal ACL
acl blocked_sites external ldap_blocked_sites
 
#Then add the appropriate http_access rules.
http_access allow blocked_sites !blacklist
 
Also check the squid-faq-acl page:
http://wiki.squid-cache.org/SquidFaq/SquidAcl
 
Good luck... 
 
Essad
 
On Thu, Aug 25, 2011 at 8:32 AM, Andrew Burger <AndrewB@xxxxxxxxxxxxxxxxxxxx> wrote:
Thanks Amos,

I tried to search for a script that I can modify or something as I don't get this one right.

Any help or anything you can point me to get it right?

Thanks

Andrew

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: 24 August 2011 16:16
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  ACL auth

On 24/08/11 20:59, Andrew Burger wrote:
> Hi there,
>
> I would like to know I have the following in m y squid.conf
>
> Should I wish to block a user from a website I do it that way.
>
> But now we got more then 100 users that use squid and I would like to
> setup like a external file where I can put in different sites to block
> different users.
>
> Because the problem now is if user "A" is block on facebook and user
> "B" is not and I want to block a site for user "B" and add him to the
> baduser name he will then be block from facebook as well.
>
> So I want to tell squid that this user is block from all this site's.
>

I suggest an external_acl_type helper script to produce OK/ERR responses. With %LOGIN %DST (user domain) as input it can do whatever you like, from any form of backend database.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.14
  Beta testers wanted for 3.2.0.10




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux