[squid-users] http_reply_access and windows groups

From: Carlos <zottmann@dont-contact.us>
Date: Thu, 17 Feb 2005 10:35:30 -0200

Hi !!

We are trying to prevent the download of software from some of our users,
and we have managed do to that, for test purposes, using http_reply_access
combined with user acls.

Now that everything is ok, we would like to apply these rules combined with
windows groups (we use ntlm authentication).

We have read a message posted by Henrik Nordstrom stating that
http_reply_access cannot wait for external acl, but suggesting the
following workaround:

"You can work around this quite well (but not 100%) by making sure the same
acls is evaluated in http_access, allowing Squid to cache the result before
processing your http_reply_access rules. A simple method to have acls
evaluated in http_access without affecting the http_access outcome is to
use combine them with a dummy acl that will never match anything

acl nothing src 0.0.0.0/32
http_access deny acl_that_needs_to_be_evaluated nothing
somewhere before where access is allowed.."

I didn“t really understand how does it work... By doing this, can I use
"acl_thar_needs_to_be_evaluated", wich, in our case, would be an external
acl using wbinfo_group.pl, in a http_reply_access rule? Or, better yet, is
there a simpler way to do that?

Thanks in advance,
Carlos Zottmann.
Received on Thu Feb 17 2005 - 05:35:43 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST