On Sat, 05 Oct 2013 03:21:37 +1300 Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > Move your DG rules into squid.conf rules? > The current Squid integrate with clamav via ICAP for realtime streamed > scanning, and the rest of your policies just seem to be ways of setting > up the ACLs. > > Amos I am advancing into replacement of NTLM/dansguardian with kerberos/squid and icap and mapped AD groups with help of LDAP authorization, but there are a few things for which I haven't find solution so far: 1. More informative error messages for users (similar to squidclamav), which would contain IP address, username, access group of user, detailed reason for not serving content (eg. name of access list). 2. I have a group for which social networks and online video are forbidden. But nowadays facebook and youtube placeholders are integrated into a lot of sites. When users visit those sites they see a lot of squid cache denied pages. Dansguardian has (visually) elegant solution for blocking dstdomains as "ADs" category. Iframes and placeholders which embed content from those sites are then replaced with "advert blocked" text. I have tried adzapper but it doesn't solve my problem as I do not want to zap certain sites globally, but only to some groups of users. Any advices? -- Marko Cupać
