Squid ubergeeks,
I am configuring a Squid (2.5-STABLE9 in a Fedora Core 4) to authenticate users into a LDAP directory. Having succeeded in that configuration, my next challenge is to implement access control AND logging of users' accesses to forbidden sites.
I created two url_regex lists, semacesso.txt for porn and other banned sites and liberado.txt, which contain regexes for sites that, not being porn or any other crap, could be blocked because they contain a substring appearing to be a porn site (eg esSEX.ac.uk).
I have two problems to solve:
1) My Squid.conf relevant lines below:
[...]
acl autenticados proxy_auth REQUIRED
[...]
acl liberado dstdom_regex "/etc/squid/liberado.txt"
acl semacesso dstdom_regex "/etc/squid/semacesso.txt"
[...]
http_access allow autenticados
http_access allow liberado
http_access deny semacesso
[...]
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
[...]
In this configuration it allows an authenticated user to access any site, even the forbidden ones. OTOH, I put the 'liberado' and 'semacesso' lines ABOVE the authentication line, the user does not access forbidden sites and Squid logs that into Cache.log, but WITHOUT the lame user's login.
2) Is there a better way to permit access to non-pornographic sites (eg esSEX.ac.uk) but block pornographic ones (eg SEX.com)?
TIA,
Marlon Borba, CISSP.
Received on Fri Aug 19 2005 - 17:17:44 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:02 MDT