RE: [squid-users] ACL auth from Andrew Burger on 2011-09-01 (squid-users)

From: Andrew Burger <AndrewB_at_mediafilmservice.com>
Date: Thu, 1 Sep 2011 10:52:59 +0000

HI Essad,

I use acl authenticate proxy_auth REQUIRED where every user have there own username & password to get on to the internet.

Would the below example still work?

Thanks

Andrew

From: Essad Korkic [mailto:essad.korkic_at_gmail.com]
Sent: 26 August 2011 13:14
To: squid-users_at_squid-cache.org; Andrew Burger
Subject: Re: [squid-users] ACL auth

Andrew,

If you use LDAP to authenticate your users you could try this:

A small example:

# LDAP helper to get the appropriate groups
external_acl_type ldap_blocked_sites ttl=3600 negative_ttl=3600 %LOGIN /usr/lib64/squid/squid_kerb_ldap -i -g "AD_GROUP_BlockedSites"@ -b "ou=users,dc=example,dc=com" -D REALM.EXAMPLE.COM -S dc1.example.com,dc2.example.com

#Create an acl with the blocked sites:
acl blacklist dstdomain "/etc/myblockedsites.txt"

#Then map the External ACL to the internal ACL
acl blocked_sites external ldap_blocked_sites

#Then add the appropriate http_access rules.
http_access allow blocked_sites !blacklist

Also check the squid-faq-acl page:
http://wiki.squid-cache.org/SquidFaq/SquidAcl

Good luck...

Essad

On Thu, Aug 25, 2011 at 8:32 AM, Andrew Burger <AndrewB_at_mediafilmservice.com> wrote:
Thanks Amos,

I tried to search for a script that I can modify or something as I don't get this one right.

Any help or anything you can point me to get it right?

Thanks

Andrew

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: 24 August 2011 16:16
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] ACL auth

On 24/08/11 20:59, Andrew Burger wrote:
> Hi there,
>
> I would like to know I have the following in m y squid.conf
>
> Should I wish to block a user from a website I do it that way.
>
> But now we got more then 100 users that use squid and I would like to
> setup like a external file where I can put in different sites to block
> different users.
>
> Because the problem now is if user "A" is block on facebook and user
> "B" is not and I want to block a site for user "B" and add him to the
> baduser name he will then be block from facebook as well.
>
> So I want to tell squid that this user is block from all this site's.
>

I suggest an external_acl_type helper script to produce OK/ERR responses. With %LOGIN %DST (user domain) as input it can do whatever you like, from any form of backend database.

Amos

--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.14
  Beta testers wanted for 3.2.0.10

Received on Thu Sep 01 2011 - 10:51:16 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 12:00:03 MDT