>Hi !!
I have sent this message to the list yesterday, but, as I didnīt receive
any answers, I thougth that it may not have been received ...
>We are trying to prevent the download of software from some of our users,
>and we have managed do to that, for test purposes, using http_reply_access
>combined with user acls.
>
>Now that everything is ok, we would like to apply these rules combined
>with windows groups (we use ntlm authentication).
>
>We have read a message posted by Henrik Nordstrom stating that
>http_reply_access cannot wait for external acl, but suggesting the
>following workaround:
>
>"You can work around this quite well (but not 100%) by making sure the
>same acls is evaluated in http_access, allowing Squid to cache the result
>before processing your http_reply_access rules. A simple method to have
>acls evaluated in http_access without affecting the http_access outcome is
>to use combine them with a dummy acl that will never match anything
>
>acl nothing src 0.0.0.0/32
>http_access deny acl_that_needs_to_be_evaluated nothing
>somewhere before where access is allowed.."
>
>I didnīt really understand how does it work... By doing this, can I use
>"acl_thar_needs_to_be_evaluated", wich, in our case, would be an external
>acl using wbinfo_group.pl, in a http_reply_access rule? Or, better yet, is
>there a simpler way to do that?
>
>Thanks again,
>Carlos Zottmann.
>
>
>
>
>
>
Received on Fri Feb 18 2005 - 04:04:21 MST
This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST