Re: [squid-users] ACL/restriction of OS-version/-type

From: Henrik Nordstrom <>
Date: Sun, 22 Feb 2004 18:25:03 +0100 (CET)

On Fri, 20 Feb 2004, Frank Fegert wrote:

> 1.) Assuming that the browser submits browsertype and OS-version at
> each request, i could use this information. The question is how
> i would access the information and pass it to an ACL?

See the browser ACL. It uses regex patterns for matching the User-Agent
header as sent by the client. MSIE and most browsers include comment
information in this header indicating which OS they run on.

> 2.) Taken from the squid logs the client submits it's IP upon each
> request. I would resolve the IP to a hostname, and look up if a
> workstation object of the same name exists in the ADS by using
> ldapsearch. Regarding the use of ldapsearch i would add the code
> to squid_ldap_auth.

The idea is good, but authentication is the wrong place to add this into.

What you should do for implementing this idea is to write a small external
helper to Squid which performs only this check. See the external_acl_type

Received on Sun Feb 22 2004 - 10:25:06 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:03 MST