[squid-users] Fwd: Connecting to SQUID with parameters

From: Michelle Dawson <itbabe87_at_gmail.com>
Date: Sun, 1 Aug 2010 04:52:29 -0400

Hi Guys,

I searched the whole FAQ, mailing list archives and Googled my way
through the evening and I couldn't find any references in solving my
problem. So please, if you can, help me figure it out.

My team and I are currently struggling  with an issue in which we
would like to detect/identify some extra parameters in the Squid
config file so we can determine what website blocking filter we should
use. For example, if a user would connect to us with a parameter or a
part in the header that we can detect (blocked=none) we would display
all the sites to this user without denying any of the blocking lists,
but if he would connect as (blocked=phishing) we would show all the
sites except the ones that are known for phishing such as:

acl blockphishing url_regex "c:/squid/etc/blacklists/phishing/domains.squid"
http_access deny blockphishing

This works fine in a static environment without the use of identifying
the user with ACLs. The problem is that our users are completely
random throughout North America, we don't know their mac addresses or
their ip addresses or their user names or machine names (so static
configuration based on that data is impossible) . I guess the only way
of blocking them is with additional parameters or something like that
being sent to the Squid server in connection requests. We are able to
modify the headers from Firefox where we have a plugin that sets the
settings for our proxy and modifies the headers a bit.

My current bet is on that if Squid can read the headers, we could set
the ACL's based on that and filter the content as required. But we
don't know how to do it or if it is even posibile.

How would you approach our problem without using LDAP or any other
type of authentication to resolve it?

We are using SQUID 2.7 STABLE 2 on Windows Server 2003

Thank you very much for all your help.

Michelle D.
Received on Sun Aug 01 2010 - 08:52:39 MDT

This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 12:00:26 MDT