On 04-07-2012 22:19, Eliezer Croitoru wrote:
On 7/4/2012 5:37 PM, Marcio Merlone wrote:
I am administering 3 squid 3.0.STABLE19-1ubuntu0.2 proxies on 3
different sites, and managed to read group membership on LDAP using
external_acl_type and squid_ldap_group without a problem. The last bit I
need to make this a dream proxy cluster is to also store the allowed sites
on LDAP (preferably).
I searched the net for something like this, but all I get is about user
auth, nothing regarding allowed sites list. Can someone help me find the
way for that, if any?
Squid is loading the acls\rules at startup or reconfiguring.
Therefore, using regular squid rules you can't use a DB such as LDAP,
mysql or any other DB. (There are other open options.)
I wouldn't recommend you use LDAP as a DB for this kind of
operation because it's pretty slow for it.
The other options are: URL_REWRITE, ICAP, EXTERNAL_ACL.
Didn't know about ICAP. Sounds the way to go.
I wrote a nice ICAP server that was meant to do url manipulation but
it seems that it can do much more.
It uses MYSQL as a temp DB to store and retrieve specific data on urls
for cache so it's MYSQL\PG\SQLITE\LDAP ready.
I am working now on an effective way to add a filtering mechanism into it.
I have a basic model that works.
This model should be the same for filtering or as ACLS, you will just
need to change the destination page to any page you want like "porn is
not available right now please try this later at home" or other nice
pages you like.
If you are willing to do the testing with me and build some skeleton
for it to fit sysadmins I will be more than happy to work on it.
Right now my needs are really basic, just a plain group+sites list
match. But the needs may grow as features become available. :)
The basic "domain" match is pretty simple to implement and it's kind
of done already.
That's it for now.
The next thing to be done is the dstdomain ".example.dom" joker.
About regex acls, I might use some other technique to load it from
the DB into memory and only when the DB changed to update the regex into
memory.
Regex is a very slow acl and basically should be used wisely.
Does your project have a home page? I'll be glad to test and help.
--
Marcio Merlone
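
The group+sites match and the dstdomain ".example.dom" wildcard discussed in this thread, sketched as a Squid external ACL helper. This is an added example, not code from the thread or from the ICAP server mentioned in it. The user, group and site tables are constructed, and the helper assumes Squid passes `%LOGIN %DST` on each input line; a deployment would load the tables from LDAP or another DB.

```python
#!/usr/bin/env python3
"""Squid external ACL helper sketch: allow a request when one of the user's
groups lists a matching site pattern. All table data below is constructed."""
import sys

# Constructed sample data; a deployment would load these from LDAP or a DB.
USER_GROUPS = {"alice": {"staff"}, "bob": {"guests"}}
GROUP_SITES = {
    "staff": [".example.dom", "intranet.corp.test"],
    "guests": ["www.example.dom"],
}


def dstdomain_match(host, pattern):
    """Squid dstdomain semantics: '.example.dom' matches the domain and all
    subdomains; a pattern without the leading dot matches that host only."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("."):
        bare = pattern[1:]
        # Compare on a label boundary so 'badexample.dom' does not match.
        return host == bare or host.endswith(pattern)
    return host == pattern


def is_allowed(user, host):
    """True when any group of `user` lists a pattern matching `host`."""
    for group in USER_GROUPS.get(user, ()):
        if any(dstdomain_match(host, p) for p in GROUP_SITES.get(group, ())):
            return True
    return False


def answer(line):
    """Map one helper input line ('user host') to Squid's OK/ERR reply."""
    parts = line.split()
    if len(parts) != 2:
        return "ERR"  # malformed input fails closed
    return "OK" if is_allowed(parts[0], parts[1]) else "ERR"


if __name__ == "__main__":
    # Squid writes one request per line and expects one reply per line.
    for request in sys.stdin:
        sys.stdout.write(answer(request) + "\n")
        sys.stdout.flush()
```

Unknown users and malformed lines get `ERR`, so the helper denies by default when the lookup has no answer.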