Re: [squid-users] ACL auth

From: Essad Korkic <essad.korkic_at_gmail.com>
Date: Fri, 26 Aug 2011 13:43:10 +0200

Andrew,

If you use LDAP to authenticate your users you could try this:

A small example:

# LDAP helper to get the appropriate groups
external_acl_type ldap_blocked_sites ttl=3600 negative_ttl=3600 %LOGIN /usr/lib64/squid/squid_kerb_ldap -i -g "AD_GROUP_BlockedSites"@ -b "ou=users,dc=example,dc=com" -D REALM.EXAMPLE.COM -S dc1.example.com,dc2.example.com

#Create an acl with the blocked sites:
acl blacklist dstdomain "/etc/myblockedsites.txt"

#Then map the External ACL to the internal ACL
acl blocked_sites external ldap_blocked_sites

#Then add the appropriate http_access rules.
http_access allow blocked_sites !blacklist

Also check the squid-faq-acl page:
http://wiki.squid-cache.org/SquidFaq/SquidAcl

Good luck...

On Thu, Aug 25, 2011 at 8:32 AM, Andrew Burger
<AndrewB_at_mediafilmservice.com> wrote:
>
> Thanks Amos,
>
> I tried to search for a script that I can modify or something as I don't get this one right.
>
> Any help or anything you can point me to get it right?
>
> Thanks
>
> Andrew
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: 24 August 2011 16:16
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] ACL auth
>
> On 24/08/11 20:59, Andrew Burger wrote:
> > Hi there,
> >
> > I would like to know I have the following in my squid.conf
> >
> > Should I wish to block a user from a website I do it that way.
> >
> > But now we got more than 100 users that use squid and I would like to
> > set up like an external file where I can put in different sites to block
> > different users.
> >
> > Because the problem now is if user "A" is blocked on facebook and user
> > "B" is not and I want to block a site for user "B" and add him to the
> > baduser name he will then be blocked from facebook as well.
> >
> > So I want to tell squid that this user is blocked from all these sites.
> >
>
> I suggest an external_acl_type helper script to produce OK/ERR responses. With %LOGIN %DST (user domain) as input it can do whatever you like, from any form of backend database.
>
>
> Amos
> --
> Please be using
>   Current Stable Squid 2.7.STABLE9 or 3.1.14
>   Beta testers wanted for 3.2.0.10
Received on Fri Aug 26 2011 - 11:43:19 MDT
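
The external_acl_type helper Amos describes in the quoted message (one "%LOGIN %DST" line in, OK or ERR out), as an added example that is not code from anyone in this thread. The helper path, ACL names, rule format and sample users are assumptions made for illustration; here OK means "allowed", so the helper is paired with a deny on the negated ACL and unparsable input is denied.

```python
#!/usr/bin/env python3
# Constructed example of a Squid external ACL helper (not from the thread).
# Assumed squid.conf wiring (helper path and ACL names are hypothetical):
#   external_acl_type user_sites ttl=60 %LOGIN %DST /usr/local/bin/user_sites.py
#   acl user_site_ok external user_sites
#   http_access deny !user_site_ok
import sys
from urllib.parse import unquote

# Constructed sample rules, one "user domain" pair per line. A real
# deployment would read these from an external file instead.
SAMPLE_RULES = """\
# user   blocked-domain
usera    facebook.com
userb    youtube.com
userb    facebook.com
"""

def load_rules(text):
    """Parse 'user domain' lines into {user: set(domains)}."""
    rules = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments and blanks
        if len(fields) == 2:
            user, domain = fields[0].lower(), fields[1].lower().lstrip(".")
            rules.setdefault(user, set()).add(domain)
    return rules

def decide(request, rules):
    """Return 'OK' (allowed) or 'ERR' (blocked) for one '%LOGIN %DST' line."""
    fields = request.split()
    if len(fields) != 2:
        return "ERR"  # fail closed on input we cannot parse
    # Squid URL-escapes the tokens; names are compared case-insensitively
    # here, which is an assumption about the directory in use.
    user = unquote(fields[0]).lower()
    host = unquote(fields[1]).lower().rstrip(".")
    for domain in rules.get(user, ()):
        # Match the domain itself and its subdomains, not lookalike suffixes.
        if host == domain or host.endswith("." + domain):
            return "ERR"
    return "OK"

def main():
    rules = load_rules(SAMPLE_RULES)
    for request in sys.stdin:  # Squid sends one request per line
        sys.stdout.write(decide(request, rules) + "\n")
        sys.stdout.flush()  # Squid waits for each answer; never buffer

if __name__ == "__main__":
    main()
```

Because answers are cached for the ttl set on external_acl_type, a change to the rules takes up to that long to apply to users Squid has already looked up.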