RE: [squid-users] Blocking specific workstations under DHCP

From: Simon Bryan <sbryan@dont-contact.us>
Date: Sat, 6 Jul 2002 13:02:49 +1000

So I could have something like:

acl students proxy_auth /path/to/student/user/name/file
http_access deny students webmail (having also defined webmail as an acl)

We do already authenticate all users using smb_auth, but this only tells me
if a user is allowed to do anything at all (doesn't it?)

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@marasystems.com]
> Sent: Saturday, 6 July 2002 1:55 AM
> To: Simon Bryan; Squid-Users
> Subject: Re: [squid-users] Blocking specific workstations under DHCP
>
>
> On Friday 05 July 2002 16.15, Simon Bryan wrote:
> > Hi all,
> > We need to move our network to use DHCP and at the moment I have
> > certain activities restricted to sepcific machines (eg webmail only
> > on staff machines) I currently do this via the IP of the machines,
> > is there a way to do this via the workstation name (or a better
> > way?). The workstations are all W2K, WindowsNT or WindowsXP.
>
> There is plenty of ways to do things..
>
> a) You could use proxy authentication. Squid happily integrates with
> NT Domains for authentication.
>
> b) If you run a Microsoft DNS server connected to your WINS server
> then Squid can query this one to find the workstation name
>
> c) You could use the external_acl feature of Squid-2.5 to write a
> small helper to verify the workstation name (a Windows workstation
> name can easily be queried using Samba nmblookup -A <ipaddress>)
>
>
> And there probably is about 5 other ways to go about this..
>
> Using authentication is by far the most secure, reliable and trackable
> mechanism. Also makes the users aware that they are not anonymous on
> your network which by itself has a good effect on behavior regarding
> filtering etc..
>
> Regards
> Henrik
Received on Fri Jul 05 2002 - 21:02:20 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:04 MST