Re: [squid-users] Fwd: %path% in acl list squid 2.6

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 19 Aug 2010 06:09:15 +0000

On Thu, 19 Aug 2010 11:08:00 +0530, sushi squid <sushi.squid_at_gmail.com>
wrote:
> Thanks Amos & John,
> I am glad that you all are replying so fast....(at least faster than me
> coming back and checking the solution :) )
>
> I have few doubts with both Amos and John's reply and a new question
>
> @Amos's solution : Mine is a transparent proxy sorry I didn't mention that
> last time ... and I read that proxy_auth won't work with transparent proxy
> settings, I also read that there has to be an external authentication
> program ....but I didn't understand it should check the authentication of
> which credentials
> I just want that for each user a different blocklist/whitelist is
> used(without the user being asked for password).

Given that:
 * you earlier said this was on Windows XP
 * the use of %userprofile% variable indicates that it is running directly
on the box the user is logged into with their profile in the main registry
view.
 * NAT interception ("transparent") is not available in the supported
Squid releases
 * access to NAT tables on Windows requires replacing the whole networking
stack anyway
...
 What do you mean by transparent then?

>
> @John's solution : i didn't understand what you meant by "i have to manage
> the whitelist on my own" ??
>
> The new question is ... about fail-safe with squid...
> I want to use 2 servers, one for fail-safe
> so is this configuration right ??
>
> cache_peer IPAdressOfMainServer parent 3128 0 default
> cache_peer IPAdressOfFail-SafeServer sibilling 3128 0 proxy-only
>
> and then do i need to add the names to the dns_nameservers
>
> dns_nameservers IPAdressOfMainServer
> dns_nameservers IPAdressOfFail-SafeServer
>
> cache_peer is mainly for load balancing ....will this setting work??

One question at a time please.

You can work on building more complex systems after you sort out the
fundamental question of who is and is not allowed access and how to
identify them.

>
> On Wed, Aug 18, 2010 at 5:19 AM, Amos Jeffries <squid3_at_treenet.co.nz>
> wrote:
>
>> On Tue, 17 Aug 2010 22:37:31 +0530, sushi squid <sushi.squid_at_gmail.com>
>> wrote:
>> > Thanks JD for the reply,
>> > My Problem is this ...
>> > Imagine a system with three accounts:
>> > 1)Administrator
>> > 2)John
>> > 3)Sushi
>> > I want that in the config file the path should be such that …
>> > when John logs in he has a different block list and when sushi logs in
>> > a different black list is loaded
>> >
>> > This has to be done with single installation of squid ….
>> > any ideas ..???
>>
>> I suggest forgetting loading config on login. That requires that Squid
>> load and startup during their login, which may not be realistic.
>> Particularly when running as a system service, or on a different box
>> altogether.
>>
>> Find some measure to identify the users inside Squid and structure your
>> access controls to identify the user before testing the user-specific
>> ACL.
>> User AD account name would be a good choice here since it's logins you
>> want to base things on. The mswin_* helpers bundled with squid for windows
>> builds contact the local AD/SSPI directly.
>>
>> Each http_access (and other access types) are tested left-to-right along
>> a line. So a config like this:
>>
>> acl userJohn proxy_auth john
>> acl userBob proxy_auth bob
>> acl userJohnBlocklist dstdomain "C:/userJohnBlocklist.txt"
>> acl userBobBlocklist dstdomain "C:/userBobBlocklist.txt"
>>
>> http_access allow userJohn !userJohnBlocklist
>> http_access allow userBob !userBobBlocklist
>> http_access deny all
>>
>> will only block requests which match "userJohn" using the
>> "userJohnBlocklist" list. vice versa for "userBob" and his list.
>>
>> Amos
>>
>> >
>> > On 8/17/10, John Doe <jdmls_at_yahoo.com> wrote:
>> >> From: sushi squid <sushi.squid_at_gmail.com>
>> >>
>> >>> I am a newbie in squid ... my squid config file is giving some strange
>> >>> error
>> >>> My OS is Windows XP and squid version is 2.6Stable
>> >>> In the acl permission list the path is as follows
>> >>> acl goodsite url_regex -i "%userprofile%/whitelist.txt"
>> >>
>> >> Maybe I am wrong but I do not think squid will resolve your %userprofile%
>> >> variable...
>> >>
>> >> JD
>> >>
>> >>
>> >>
>> >>
>>
Received on Thu Aug 19 2010 - 06:09:20 MDT
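
Added example, not part of the original thread and not Squid code: a small Python model of how the http_access lines quoted above are evaluated, with lines tried in file order and the ACLs on each line tested left to right. The blocklist contents are constructed sample data, and the function names are hypothetical.

```python
# Toy model of the quoted http_access rules (illustration only, not Squid code).
BLOCKLISTS = {  # stands in for the dstdomain files; entries are constructed
    "userJohnBlocklist": {".example.net", "games.example.org"},
    "userBobBlocklist": {".example.com"},
}
USERS = {"userJohn": "john", "userBob": "bob"}  # the proxy_auth ACLs

# http_access lines in file order: (action, [acl terms]); "!" negates a term.
RULES = [
    ("allow", ["userJohn", "!userJohnBlocklist"]),
    ("allow", ["userBob", "!userBobBlocklist"]),
    ("deny", ["all"]),
]

def dstdomain_match(host, entries):
    """Exact match, or suffix match for entries written with a leading dot."""
    host = host.lower().rstrip(".")
    for entry in entries:
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def acl_match(name, user, host):
    if name == "all":
        return True
    if name in USERS:  # user is None when no credentials were supplied
        return user == USERS[name]
    return dstdomain_match(host, BLOCKLISTS[name])

def http_access(user, host):
    """Return the action of the first line whose terms all match."""
    for action, terms in RULES:
        matched = True
        for term in terms:  # left to right, stop at the first failing term
            negate = term.startswith("!")
            if acl_match(term.lstrip("!"), user, host) == negate:
                matched = False
                break
        if matched:
            return action
    return "deny"  # unreachable here: the "deny all" line always matches

if __name__ == "__main__":
    for who, where in [("john", "www.example.net"), ("john", "www.example.com"),
                       ("bob", "www.example.com"), (None, "www.example.org")]:
        print(who, where, http_access(who, where))
```

John is only ever checked against his own list, so a domain on Bob's list stays reachable for John, and a request with no recognised user falls through to the final deny.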

This archive was generated by hypermail 2.2.0 : Thu Aug 19 2010 - 12:00:02 MDT