Hi !!
> > 1) My Squid.conf relevant lines below:
> >
> > [...]
> > acl autenticados proxy_auth REQUIRED
> > [...]
> > acl liberado dstdom_regex "/etc/squid/liberado.txt"
> > acl semacesso dstdom_regex "/etc/squid/semacesso.txt"
> > [...]
> > http_access allow autenticados
> >
> > http_access allow liberado
> > http_access deny semacesso
> > [...]
> > # And finally deny all other access to this proxy
> > http_access allow localhost
> > http_access deny all
> > [...]
> >
> > In this configuration it allows an authenticated user to access any site,
> > even the forbidden ones. OTOH, I put the 'liberado' and 'semacesso' lines
> > ABOVE the authentication line, the user does not access forbidden sites
> > and Squid logs that into Cache.log, but WITHOUT the lame user's login.
>
> Untested:
> http_access allow localhost
> http_access deny semacesso autenticados
> http_access allow autenticados
> http_access deny all
>
When you use "http_access allow autenticados" as your first rule, you
are saying that anyone who authenticates have access to any site, as
squid´s rules are processed in the order that they are declared, so
you should place your deny rules before this one.
> > 2) Is there a better way to permit access to non-pornographic sites (eg
> > esSEX.ac.uk) but block pornographic ones (eg SEX.com)?
>
> A content scanning proxy. Unfortunately I don't have any experience with
> this (the squids I manage either don't have content scanning, or they talk
> to a parent proxy which does scan but which I don't manage)
>
> Joost
>
>
You can use DansGuardian, wich is a url and content filter that works
with squid, or squidguard, wich is just a url filter. You can also use
some public lists of urls do be blocked bye either filter.
Regards,
Carlos.
Received on Mon Aug 22 2005 - 11:01:23 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:02 MDT