On Saturday 14 June 2003 19.27, Mark Fagan wrote:
> Lets say its OK to authenticate by user only, can I create an acl
> that applies to say, user1, user2, user3 and so on, using only
> smb_auth and without upgrading or recompiling my current
> version.(assuming I install the M$ patch first)
>
> If this is possible what would be the sytax to get it all working:
>
> Lets say User1, User2 and User 3: should be allowed to access
> www.yahoo.com
Yes. See the proxy_auth and dstdomain acl types.
Example:
# Allow group1 access to their sites only
acl group1 proxy_auth user1 user2 user3
acl sites1 dstdomain www.yahoo.com
http_access allow group1 sites1
http_access deny group1
# Similarily for another group, but with the data defined
# in external files instead of inline in squid.conf
acl group2 proxy_auth "/path/to/group2.txt"
acl sites2 dstdomain "/path/to/group2_sites.txt"
http_access allow group2 sites2
http_access deny group2
# Deny all other uses
http_access deny all
Names should be selected more appropriate to represent the meaning of
the groups.
A number of other variants are possible depending on what it is you
want to do in relation to other access rights. For example if you
remove the group1/2 deny lines above then the rights are accumulative
so that if a user is member of both groups he has the rights of both.
Another interesting alternative is to use sites1/2 instead on the
deny lines, in such cases the rules are a restriction on who may
access sites1 vs sites2, not what sites group1 vs group2 may access.
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Sat Jun 14 2003 - 14:51:31 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:22 MST