HI Essad, I use acl authenticate proxy_auth REQUIRED where every user have there own username & password to get on to the internet. Would the below example still work? Thanks Andrew From: Essad Korkic [mailto:essad.korkic@xxxxxxxxx] Sent: 26 August 2011 13:14 To: squid-users@xxxxxxxxxxxxxxx; Andrew Burger Subject: Re: ACL auth Andrew, If you use LDAP to authenticate your users you could try this: A small example: # LDAP helper to get the appropriate groups external_acl_type ldap_blocked_sites ttl=3600 negative_ttl=3600 %LOGIN /usr/lib64/squid/squid_kerb_ldap -i -g "AD_GROUP_BlockedSites"@ -b "ou=users,dc=example,dc=com" -D REALM.EXAMPLE.COM -S dc1.example.com,dc2.example.com #Create an acl with the blocked sites: acl blacklist dstdomain "/etc/myblockedsites.txt" #Then map the External ACL to the internal ACL acl blocked_sites external ldap_blocked_sites #Then add the appropriate http_access rules. http_access allow blocked_sites !blacklist Also check the squid-faq-acl page: http://wiki.squid-cache.org/SquidFaq/SquidAcl Good luck... Essad On Thu, Aug 25, 2011 at 8:32 AM, Andrew Burger <AndrewB@xxxxxxxxxxxxxxxxxxxx> wrote: Thanks Amos, I tried to search for a script that I can modify or something as I don't get this one right. Any help or anything you can point me to get it right? Thanks Andrew -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: 24 August 2011 16:16 To: squid-users@xxxxxxxxxxxxxxx Subject: Re: ACL auth On 24/08/11 20:59, Andrew Burger wrote: > Hi there, > > I would like to know I have the following in m y squid.conf > > Should I wish to block a user from a website I do it that way. > > But now we got more then 100 users that use squid and I would like to > setup like a external file where I can put in different sites to block > different users. > > Because the problem now is if user "A" is block on facebook and user > "B" is not and I want to block a site for user "B" and add him to the > baduser name he will then be block from facebook as well. > > So I want to tell squid that this user is block from all this site's. > I suggest an external_acl_type helper script to produce OK/ERR responses. With %LOGIN %DST (user domain) as input it can do whatever you like, from any form of backend database. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.14 Beta testers wanted for 3.2.0.10
