I am using winbindd authentication to allow people out to the internet,
but I would like to block downloads except for a small group of those
users. I would like to have this be another Domain group. When I add a
second rule for external authentication (for the download group) I get a
bunch of errors in the cache.log and squid dies. If I comment out the
acl "http_reply_access allow password DownLoads_OK" then squid will
load. Am I going in the right direction, or is there another way?
Sample config file.
# Authentication programs section
auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 18
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
# This line is for checking group membership
external_acl_type NT_global_group %LOGIN /usr/lib/squid/bofu_check_group
external_acl_type Approved_Download %LOGIN /usr/lib/squid/bofu_check_download
acl me src 192.168.0.2/32
# check against a domain group
acl ProxyUsers external NT_global_group internet
acl DownLoads_OK external Approved_Download internetdownloads
acl password proxy_auth REQUIRED
# block downloads
acl DownLoads_Blocked rep_mime_type -i ^application/.+$
acl DownLoads_Blocked2 urlpath_regex -i \.cab$
# Rule enforcement
http_access allow password ProxyUsers
http_access deny all
http_reply_access allow password DownLoads_OK
http_reply_access deny me DownLoads_Blocked
http_reply_access deny me DownLoads_Blocked2
http_reply_access allow all
Error Messages when starting:
(wb_ntlmauth)[17777](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17778](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17779](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17775](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=22 (Invalid argument)
(wb_ntlmauth)[17780](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17782](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17781](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17789](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17783](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17784](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17785](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17776](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17786](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17787](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17788](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17790](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17791](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
(wb_ntlmauth)[17792](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success)
Thanks for your help.
Robert
Received on Thu Sep 11 2003 - 16:04:08 MDT