[squid-users] whitelists and active directory help

Horacio Diaz Requejo hdiaz at ggm.mx
Fri Jan 16 20:36:41 UTC 2015 

Hi Samuel ¡!!

  The way i´m doing this is creating two text files for each group. One with the authorized usernames to use this group, and another with the authorized domains.

acl pag-gm-ventas dstdomain "/etc/squid/acl/pag-gm-ventas"
acl usu-gm-ventas proxy_auth "/etc/squid/acl/usu-gm-ventas"
acl pag-gm-servicio dstdomain "/etc/squid/acl/pag-gm-servicio"
acl usu-gm-servicio proxy_auth "/etc/squid/acl/usu-gm-servicio"

http_access allow usu-gm-ventas pag-gm-ventas
http_access allow usu-gm-servicio pag-gm-servicio

http_access deny all

  Everything else is denied.

Regards

Horacio Díaz-Requejo

De: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] En nombre de Samuel Anderson
Enviado el: viernes, 16 de enero de 2015 12:15 p.m.
Para: squid-users at squid-cache.org
Asunto: [squid-users] whitelists and active directory help

Hello All,

I'm attempting to create way to grant users access to different categories using active directory. Currently what I have works but if a website is not listed in any of the whitelists it will allow traffic to that website. If I add a (http_access deny all) at the end, then nothing works. What I would like is for a user to only have access to whitlists that they are a member of. I'll have around 50 categories in the end. This is just a small sample.

Thanks,


acl NEWS external ldap_group NEWS
acl SHOPPING external ldap_group SHOPPING
acl SOCIALNETWORKING external ldap_group SOCIALNETWORKING
acl RELIGION external ldap_group RELIGION
acl SPORTNEWS external ldap_group SPORTNEWS

acl rule1 url_regex -i "/etc/squid3/whitelists/news/domains"
acl rule2 url_regex -i "/etc/squid3/whitelists/shopping/domains"
acl rule3 url_regex -i "/etc/squid3/whitelists/socialnetworking/domains"
acl rule4 url_regex -i "/etc/squid3/whitelists/religion/domains"
acl rule5 url_regex -i "/etc/squid3/whitelists/sportnews/domains"


http_access deny rule1 !NEWS all
http_access deny rule2 !SHOPPING all
http_access deny rule3 !SOCIALNETWORKING all
http_access deny rule4 !RELIGION all
http_access deny rule5 !SPORTNEWS all
http_access allow all






CONFIDENTIALITY NOTICE:
This e-mail and any attachments are confidential. If you are not an intended recipient, please contact the sender to report the error and delete all copies of this message from your system.  Any unauthorized review, use, disclosure or distribution is prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150116/44702046/attachment-0001.html>

More information about the squid-users mailing list