Re: [squid-users] auto blacklist users

Quoting ian j hart <ianjhart@ntlworld.com>:

> On Friday 07 December 2007 23:49:35 Amos Jeffries wrote:
>
> [Apologies in advance if I've miss-understood anything, it's late (early) and
> I'm somewhat brain dead. This time zone thing's a killer]
>
>> ian j hart wrote:
>> > On Friday 07 December 2007 00:58:31 Adrian Chadd wrote:
>> >> So if I get this right, you'd like to log the acl list that passed or
>> >> failed the user?
>> >>
>> >>
>> >>
>> >> Adrian
>> >
>> > Near enough.
>> >
>> > I want to log the aclname (or custom error page name) and the username.
>> > I'll probably want the url in short order, followed by anything else that
>> > proves useful.
>> >
>> > I want to do this for users who are denied access.
>> >
>> > [The more general solution you state above would probably be okay too. I
>> > might need to add DENY/ACCEPT so I can include that in the regexp.]
>> >
>> > <tangent>
>> > Here's an example of how this might be generally useful. I have thee
>> > different proxy ACLs.
>> >
>> > A url_regexp
>> > A dstdomain list harvested from a popular list site
>> > A "daily" list gleaned from yesterdays access summary
>>
>> Problem:
>> If a student can get through all day today whats to stop them?
>
> Nothing. But here's what I hope will happen. (I probably shouldn't reveal
> this, but what the hey).
>

Ive missed most of this discussion. But it sounds like you may have
gotten this to work. Is there a recap? Id really like to see your
squid.conf (at least snippets that pertain to this). Are you running a
transparent proxy? Do you run any kind of commercial filter? Ive
been struggling with this same thing. Now I catch this through my
snort logs, and looking at access_logs for denied hits. I also block
quite a few sites at my firewall, but it is impossible to stop. I do
seem to have more support from administration than you.

-- 
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools
"rarely do people communicate, they just take turns talking"