On 16/10/2013 1:51 a.m., Marko Cupać wrote:
On Sat, 05 Oct 2013 03:21:37 +1300
Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
Move your DG rules into squid.conf rules?
The current Squid integrate with clamav via ICAP for realtime streamed
scanning, and the rest of your policies just seem to be ways of setting
up the ACLs.
Amos
I am advancing into replacement of NTLM/dansguardian with kerberos/squid
and icap and mapped AD groups with help of LDAP authorization, but there
are a few things for which I haven't find solution so far:
1. More informative error messages for users (similar to squidclamav), which
would contain IP address, username, access group of user, detailed reason
for not serving content (eg. name of access list).
FYI: the defaults from Squid lean more towards less information revealed
so as to avoid information leaks. But that can be changed if you wish.
see below.
2. I have a group for which social networks and online video are forbidden.
But nowadays facebook and youtube placeholders are integrated into a lot
of sites. When users visit those sites they see a lot of squid cache denied
pages. Dansguardian has (visually) elegant solution for blocking dstdomains
as "ADs" category. Iframes and placeholders which embed content from those
sites are then replaced with "advert blocked" text. I have tried adzapper
but it doesn't solve my problem as I do not want to zap certain sites globally,
but only to some groups of users.
Any advices?
http://wiki.squid-cache.org/Features/CustomErrors goes a long way
towards what you are wanting.
There are some details such as groups which are not yet fully available
in the error page macros. But work is underway towards that by several
of the devlopers (and patches from others welcome too of course) so if
you need anything please consider donating towards the development work.
Amos
