Re: [squid-users] Restricting certain users to certain urls

From: Yong Bong Fong <bfyong@dont-contact.us>
Date: Wed, 14 Sep 2005 09:02:00 +0800

Hi Christoph,

    I got problem again. Squidguard acl was problematic it didn't work
quite well. Now I am trying on Squid acl to restrict certain users to
certain urls. I also have ldap authentication for my squid. Following
are my acls:

acl abc ident andy
acl blocksites dstdomain .google.com

http_access deny abc blocksites
http_access allow ldap_group-www

What I am trying to achieve is to only allow Andy (who is grouped in abc
above) to access google.com only. Other sites are blocked for him. I
tried it but it didn't work quite well, it does block google.com but not
just for andy, it blocks all other users too.
Apparently the problem must be something to do with the "acl abc ident
andy". When I retsarted squid the first time after changing the
configuration, its fine. But second time the following message came out:

# service squid restart
Stopping squid: 2005/09/14 08:48:49| squid.conf line 1791: acl abc ident
bfyong
2005/09/14 08:48:49| aclParseAclLine: Invalid ACL type 'ident'
2005/09/14 08:48:49| squid.conf line 1821: http_access allow abc blocksites
2005/09/14 08:48:49| aclParseAccessLine: ACL name 'abc' not found.

Any idea what is wrong? seems like it is not checking the username
thingi to do the acl.....
please help me to identify my problem..thanks a lot for taking time helping.
thanks a lot...

>On Mon, Sep 12, 2005 at 09:53:45AM +0800, Yong Bong Fong wrote:
>> How to restrict certain users to certain urls only based on their
>> authenticated usernames? I did it with squidguard ages ago but it
>> doesn't work now. It didn't work out properly 100% too.
>> I am trying to figure out how with squid acl itself instead of
>> squidguard....
>
>That's easily possible. Where did you get stuck?
>
>Literature:
>http://squid.visolve.com/squid/squid24s1/access_controls.htm
>http://workaround.org/moin/HowSquidAclsWork
>
> Christoph
>--
>

-- 
Yong Bong Fong (Ah Fong)
Rookie System Engineer
MIS Department
Shin Yang Group of Companies
Email: bfyong@shinyang.com.my or potatoinmiri@yahoo.com.au
Tel: (60)085-656699 Ext 375
"Bekerja Rajin Untuk Kemajuan Negara Kita"
Received on Tue Sep 13 2005 - 18:59:03 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:03 MDT