Re: [squid-users] Blocking specific workstations under DHCP

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 6 Jul 2002 10:45:05 +0200

On Saturday 06 July 2002 05.02, Simon Bryan wrote:
> So I could have something like:
>
> acl students proxy_auth /path/to/student/user/name/file

Yes, but you need the quotes.

> http_access deny students webmail (having also defined webmail as
> an acl)

> We do already authenticate all users using smb_auth, but this only
> tells me if a user is allowed to do anything at all (doesn't it?)

What you have today is a acl like

acl users proxy_auth REQUIRED

Right?

Using REQUIRED is the same thing as listing all your users.

What a user is allowed to do is controlled by http_access. You can set
up access rules down to pretty much anything as long as there is
something visible to Squid the access control can be based upon. This
is also true for authentication. There is no reason why a access
control in Squid ever needs to be a "all or nothing" type of control,
but you can of course make such decisions in http_access if you like.

Regards
Henrik
Received on Sat Jul 06 2002 - 02:59:14 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:04 MST