[squid-users] Just a simple question about ACL

Verónica Ovando vero.ovando at live.com
Sun Mar 6 01:18:04 UTC 2016


Hi, community.

I need to understand why these rules are not working.

My squid is working with AD authentication.

I need to allow the group *AD_informatico* to visit facebook only during 
*maniana_ocio* and *tarde_ocio* and have full access to the web. They 
are not working. *AD_informatico* can visit facebook without problems. I 
tried something like this: *http_access deny !maniana_ocio facebook 
AD_informatico*, it denies the access but the browser shows a pop-up to 
login when someone visits facebook or other site that tries to connect 
to facebook. So, what happens?

Here is my squid.conf (a part of it):

####################################################
#*******************HELPERS for Active Directory**************************#
####################################################

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --DOMAIN=DOMAIN
auth_param ntlm children 30
auth_param ntlm keep_alive off

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Servidor proxy-cache de la DPR
auth_param basic credentialsttl 2 hours

#---------------------------ACL Active Directory------------------------#
external_acl_type Grupos_AD ttl=10 children=10 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl -d
acl AD_informatico external Grupos_AD informatico

#--------------------Access schedules --------------------------------#
acl maniana_ocio time MTWHF 07:00-07:59
acl tarde_ocio time MTWHF 13:00-13:59

#-----------------------List of pages------------------------------#
acl facebook_m url_regex -i "/etc/squid3/ACLs/pagFacebook"
acl facebook_t url_regex -i "/etc/squid3/ACLs/pagFacebook"

####################################################
#*****************************Rules***************************************#
####################################################

acl auth proxy_auth REQUIRED
http_access deny !auth
http_access deny after_hours all

#-----------------------------Group *informatico*----------------------------#
http_access allow maniana_ocio facebook_m AD_informatico
http_access allow tarde_ocio facebook_t AD_informatico
http_access allow AD_informatico

http_access deny all

One more question: when I move a user from one group to another in 
Active Directory, how much time does squid need to know about that change?

Thanks and sorry for my English.
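
Why the posted rules never block Facebook for the group, as an added example that is not part of the original message and is not Squid code: a small Python model of http_access first-match evaluation run over the rules above. The ACL truth values, the `facebook` substring check and the `REORDERED` rule set are assumptions made for illustration.

```python
from datetime import time

# Constructed model of the ACLs in the posted squid.conf; not Squid code.
WINDOWS = {"maniana_ocio": (time(7, 0), time(7, 59)),
           "tarde_ocio": (time(13, 0), time(13, 59))}

def acl_state(groups, url, now, weekday):
    """Truth value of each named ACL for one request (weekday 0 = Monday)."""
    fb = "facebook" in url.lower()  # stand-in for the pagFacebook regex file
    state = {"auth": True,  # assumption: the user has already authenticated
             "AD_informatico": "informatico" in groups,
             "facebook_m": fb, "facebook_t": fb, "all": True}
    for name, (lo, hi) in WINDOWS.items():
        state[name] = weekday < 5 and lo <= now <= hi  # MTWHF only
    return state

def evaluate(rules, state):
    """http_access semantics: ACLs on a line are ANDed, '!' negates,
    and the first line whose ACLs all match decides the request."""
    for lineno, (action, acls) in enumerate(rules, 1):
        if all(state[a.lstrip("!")] != a.startswith("!") for a in acls):
            return action, lineno
    return "deny", None  # not reached: both rule sets end in "deny all"

# The posted rules ("deny after_hours all" is left out: that ACL is not shown).
POSTED = [
    ("deny", ["!auth"]),
    ("allow", ["maniana_ocio", "facebook_m", "AD_informatico"]),
    ("allow", ["tarde_ocio", "facebook_t", "AD_informatico"]),
    ("allow", ["AD_informatico"]),
    ("deny", ["all"]),
]

# Hypothetical reordering: deny Facebook outside both windows before the
# group-wide allow. In Squid the trailing "all" keeps the group ACL from
# being the last one on the deny line, which is what prompts the re-login.
REORDERED = [
    ("deny", ["!auth"]),
    ("deny", ["facebook_m", "!maniana_ocio", "!tarde_ocio", "AD_informatico", "all"]),
    ("allow", ["AD_informatico"]),
    ("deny", ["all"]),
]

if __name__ == "__main__":
    req = acl_state({"informatico"}, "http://www.facebook.com/", time(10, 0), 0)
    print("posted:   ", evaluate(POSTED, req))     # allowed by line 4
    print("reordered:", evaluate(REORDERED, req))  # denied by line 2
```

In the posted order, a Facebook request from the group outside both windows falls through the two time-limited allow lines and is accepted by the unconditional `http_access allow AD_informatico` line.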