[squid-users] Help with per user allowed list config. from Andres Salazar on 2009-10-12 (squid-users)

From: Andres Salazar <ndrsslzr80_at_gmail.com>
Date: Mon, 12 Oct 2009 17:51:46 -0500

Hello all,

Iam new to squid and I have a successful config that utilizes ncsa
auth to alllow per user access.

However, I was told that I could have an allowed list of sites
vieweable with a directive that points to a file outside the config.

How do I specify that for every user? I also need to specify a
max_body_size different for every user. Below is the copy of my
current config.

Thanks for the help..

cache_dir null /dev/null
auth_param basic program /usr/local/libexec/ncsa_auth /etc/squid/squid_passwd
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl SSL_ports port 4444
acl SSL_ports port 5555
acl SSL_ports port 6666
acl SSL_ports port 7777
acl SSL_ports port 8888
acl CONNECT method CONNECT
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow all
icp_access allow localnet
icp_access deny all
reply_body_max_size 2048000 deny all
http_port 8080
hierarchy_stoplist cgi-bin ?
access_log /var/squid/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
via off
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit)
max_filedescriptors 5024
forwarded_for off
coredump_dir /var/squid/cache
Received on Mon Oct 12 2009 - 22:51:57 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 13 2009 - 12:00:05 MDT