On 16/10/2013 1:51 a.m., Marko Cupać wrote:
> On Sat, 05 Oct 2013 03:21:37 +1300
> Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
>> Move your DG rules into squid.conf rules?
>> The current Squid integrate with clamav via ICAP for realtime streamed
>> scanning, and the rest of your policies just seem to be ways of setting
>> up the ACLs.
>>
>> Amos
> I am advancing into replacement of NTLM/dansguardian with kerberos/squid
> and icap and mapped AD groups with help of LDAP authorization, but there
> are a few things for which I haven't find solution so far:
>
> 1. More informative error messages for users (similar to squidclamav), which
> would contain IP address, username, access group of user, detailed reason
> for not serving content (eg. name of access list).
FYI: the defaults from Squid lean more towards less information revealed
so as to avoid information leaks. But that can be changed if you wish.
see below.
>
> 2. I have a group for which social networks and online video are forbidden.
> But nowadays facebook and youtube placeholders are integrated into a lot
> of sites. When users visit those sites they see a lot of squid cache denied
> pages. Dansguardian has (visually) elegant solution for blocking dstdomains
> as "ADs" category. Iframes and placeholders which embed content from those
> sites are then replaced with "advert blocked" text. I have tried adzapper
> but it doesn't solve my problem as I do not want to zap certain sites globally,
> but only to some groups of users.
>
> Any advices?
http://wiki.squid-cache.org/Features/CustomErrors goes a long way
towards what you are wanting.
There are some details such as groups which are not yet fully available
in the error page macros. But work is underway towards that by several
of the devlopers (and patches from others welcome too of course) so if
you need anything please consider donating towards the development work.
Amos
Received on Tue Oct 15 2013 - 13:16:10 MDT
This archive was generated by hypermail 2.2.0 : Tue Oct 15 2013 - 12:00:06 MDT