Hmmm. That looks like it may be part of the answer to something I have been trying to figure out. I want to install squid caches at multiple remote locations on our WAN to improve performance of web-based applications, but I want to limit internet surfing to a few users at each. I have placed a default route in the remote router but have an ACL in the internet router that limits outbound internet traffic from that site to the squid box only. I don't need authentication, but would like to control access via individual PC's based on who is logged in. Since we use DHCP and I can't do it by IP address. Can I use what you described with identd running on the Win98/W2k workstations to identify the logged in user, allowing/denying based on the name returned by identd?
I am a squid novice, so don't be shy if you have a better way of approaching this.
--Mark
mgmyers@dreyers.com
>>>>>>>>>>>>
From: "Robert Collins" <robert.collins@itdomain.com.au>
Dead easy.
Compile squid with AUTHENTICATE_ON_ACCEL (see the list yesterday or thereabouts - Henrik posted the exact steps). That will give
you authenticated acceleration capability.
From memory (and I may be wrong) you can also use url/url_regex/dst/dst_domain acl's with acceleration.
So....
acl group1 proxy_auth john fred mary
acl group2 proxy_auth stephen mary joseph
acl server1 dst_domain server1.domain.com
acl server2 dst_domain server2.domain.com
acl server3 dst_domain server1.domain2.com
http_access allow group1 server1
http_access allow group1 server3
http_access allow group2 server2
http_access allow group2 server3
voila! no redirector, no alterations to squid :-]
Rob
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Wed Jan 24 2001 - 09:22:56 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:33 MST