Hey Victor,
I do not think it's too crazy.
It is a very common statement in the Law of Pharmacy to not operate
"heavy" tools when taking a specific medicine. In most cases it is there
since the operation of such tools(light\heavy) requires the
worker\operator a specific amount of concentration and attention and
since the desire of the usage is a change this is the right phrase.
I think that it depends also on the target of the ACL\policy in many cases.
For example there are many places that do allow Apple(which includes
music, videos, books and many more) but do not allow YouTube or in some
places even Google or Bing. If for example in a medical operating room
there would be Internet available it can be potentially hacked and in
many places the common policy is that VOIP(over the Internet) in these
cases is in use. It's one of the tools for the room. The staff in the
room tends to be very trusted but you cannot rely on specific tools to
replace the soul which decides on the right thing to do "mid-flight"
when there are tiny saws and scalpel on the stand.(and vice versa mind
cannot replace specific tools).
The first thing that you can do in such a scenario is to analyze the
network traffic using squid.
It can give lots of output and feedback even if used only as a simple
logging tool.
When you do have a clear view with what you are handling you can see
what are the realistic option about this specific group of Internet
users. For example if they are trying to use a proxy service that is on
other ports then 443 and 80 your goal would be to use a strict policy
rather then simply monitoring the HTTP and HTTPS connections.
I do not have experience with psychology but I do think that if most of
the undesired sites will be blocked it would fit most ACLs\policy ideas.
I think it's a really good idea to somehow find the right tactic so that
the request for such a crazy ACL requirement would be understood by the
requester.
I do not remember if squid can "stop" a download after a specific amount
of KB\MB for one file but again eventually it is possible to download
them in chunks...
So it's not really impossible but indeed it's not an easy task to
implement. Also I know that there are couple products that does in a way
what you just described. The issue with them in most cases is that they
do cost more then a dime and sometimes the request for such a
requirement being dropped by hearing only part of the costs.
Eliezer
On 11/03/2016 05:31, Victor Sudakov wrote:
Dear Colleagues,
New Internet access rules are being introduced in our company, among
them there is a requirement to have special groups of Internet users
who are permitted to:
1. Download files from the Internet.
2. Use Web forums.
3. Use streaming audio/video.
By default users should have no access to the above facilities.
These requirements may sound stupid and vague to some, but is there a
way to accomodate them at least partially, without keeping long lists
of prohibited file extensions and domains, which is very
counterproductive?
I am perfectly aware that an advanced Internet user will be able to
circumvent those prohibitions, but still, any recipes? I have looked
in http://wiki.squid-cache.org/SquidFaq/SquidAcl but found nothing
very useful.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users