Prasad J Pandit wrote:
> 
>   Hello Rodrigo, hello all!
> 
> I'm trying to implement the per user access restriction using Squid. 
> I've put the acls for each user in a separate file like user-acl.txt. 
> For example, my `guest-acl.txt' looks like:
> 
> ===
> acl guest_ip     dst         some-ip/32
> acl guest_mail    dstdom_regex    mail.google* www.
> acl guest_dom    dstdomain    .google.com
> 
> http_access allow guest_ip
> http_access allow guest_mail
> http_access allow guest_dom
> ===
> 
> So the  `guest' user will only be allowed to access <some-ip> and her 
> gmail account.

Then you will need to extend those http_access lines to include more 
than one ACL, i.e.

  http_access allow guest_ip guest_dom

instead of all the above. What you have currently will let _anyone_ 
access _any_ of the ACL matches: some-ip or *.google.com or 
mail.google.hijacked-serve.com, or www.any-server-anywhere.com, etc.
> 
> Now, I've quite a few such files. What I'd like to have is I just 
> include these files into the squid.conf file like
> 
> include <guest-acl.txt>
> include <root-acl.txt>
>  ...
> include <gobman-acl.txt>
> 
> And depending upon which one is commented/uncommented squid would 
> include the acls from the respective files (Snort does it really well).
> 
> I'm trying to do this with the `acl external' & `external_acl_type', but 
> don't see any light so far.
> 
> Could you please tell me if this can be done, and how if yes? One more 
> thing is, I can not use squid for authentication, I've to use something 
> else for that.
> 
There is a patchset to both squid-2 and squid-3 for the include directive.
It will be included native in 2.7 and 3.0.STABLE2+ (due out within the 
week, daily snapshots of 3.0 are just undergoing final tests and checks 
before release).
Amos
-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.

Received on Sat Mar 01 2008 - 02:58:04 MST
This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:04 MDT
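
The http_access matching discussed in the reply above, as an added example that is not part of the original thread and is not Squid code: a small Python model (Python's re stands in for Squid's regex matching) that runs the posted rules and a restricted variant over constructed requests. The addresses, the guest_src and guest_mail_strict ACLs, and the RESTRICTED rule set are assumptions made for illustration.

```python
import ipaddress
import re

# Model of Squid's http_access matching. A request is a dict with
# "src" (client IP), "dst_ip" and "host" (destination domain).
def ip_acl(field, cidr):            # models acl types "src" and "dst"
    net = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_address(r[field]) in net

def dstdomain(name):                # leading-dot form: domain plus subdomains
    bare = name.lstrip(".")
    return lambda r: r["host"] == bare or r["host"].endswith("." + bare)

def dstdom_regex(*patterns):        # unanchored search, any pattern may match
    return lambda r: any(re.search(p, r["host"]) for p in patterns)

ACLS = {
    "all": lambda r: True,
    "guest_ip": ip_acl("dst_ip", "198.51.100.5/32"),     # stands in for some-ip
    "guest_mail": dstdom_regex("mail.google*", "www."),  # as posted
    "guest_dom": dstdomain(".google.com"),
    # Assumed additions, not in the post (constructed client address):
    "guest_src": ip_acl("src", "192.0.2.10/32"),
    "guest_mail_strict": dstdom_regex(r"^mail\.google\.com$"),
}

POSTED = [("allow", ["guest_ip"]), ("allow", ["guest_mail"]),
          ("allow", ["guest_dom"])]
RESTRICTED = [("allow", ["guest_src", "guest_ip"]),
              ("allow", ["guest_src", "guest_mail_strict"]),
              ("deny", ["all"])]

def http_access(rules, src, dst_ip, host):
    req = {"src": src, "dst_ip": dst_ip, "host": host}
    for action, names in rules:                 # lines are tried in order (OR)
        if all(ACLS[n](req) for n in names):    # ACLs on one line are ANDed
            return action
    # No line matched: Squid uses the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for host in ("www.any-server-anywhere.com",
                 "mail.google.hijacked-serve.com", "mail.google.com"):
        for src in ("192.0.2.99", "192.0.2.10"):   # other client, guest
            print(f"{host:32} from {src}:",
                  "posted=" + http_access(POSTED, src, "203.0.113.7", host),
                  "restricted=" + http_access(RESTRICTED, src, "203.0.113.7", host))
```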