[squid-users] Exceptions to blocks

From: Paul Cocker <paul.cocker@dont-contact.us>
Date: Wed, 7 Nov 2007 11:05:27 -0000

As those of you watching this list will be aware, I am currently setting
up a whole load of exciting website blocks. Since blocking facebook I
doubt I have more than a couple of days left to live.

What I'm looking for is an easy way to create exceptions. Our Sales and
Marketing departments need to bypass the shopping site block, because
going to such sites is part of their job. I can do this in the following
ways:

1. Setup an acl linking to the AD group for sales and one for for
marketing, then setup a whitelist acl which links to the shopping
blacklist, I then add an http_access allow line above the blocks calling
this whitelist if you're authenticated AND in sales, and then another
such line for marketing.

2. Setup an AD group called shoppingexceptions and add sales and
marketing users to it. I create an acl which looks at this group and
then modify the shopping line to http_access deny !shoppingexceptions
shopping.

I am currently using method 2, but the squidNT's AD group checker cannot
handle groups within groups, so I can't have an exception group
containing the sales and marketing groups, I have to export those groups
and put the user's into the exceptions group.

So, my question is, can I:

a) List multiple exceptions to a rule on a single line e.g. http_access
deny !sales !marketing shopping

b) Handle it in another, more elegant way?

Obviously the idea is that no administrative effort is required on our
part, someone joins sales and they automatically get the relevant
exceptions.

Paul Cocker
IT Systems Administrator
IT Security Officer

01628 81(6647)

TNT Post
1 Globeside Business Park
Fieldhouse Lane
Marlow
Bucks
SL7 1HY

TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897),TNT Post North Ltd (05701709) and TNT Post South West Ltd (05983401). Emma's Diary and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd (02556692). All companies are registered in England and Wales; registered address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1HY.
Received on Wed Nov 07 2007 - 04:03:38 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST