[squid-users] dynamic ACLs
squid3 at treenet.co.nz
Thu Apr 16 12:43:45 UTC 2020
On 16/04/20 9:09 pm, Vieri wrote:
> In sslbump tproxy "mode" one cannot authenticate user to limit/allow their access to web content.
> I was thinking however of making a web form with auth within a custom Squid error page. This way a user would "automatically" whitelist a web site and have access to it while the IT dep. would know which user accessed where despite the site being blacklisted.
> From the error page I can tell which ACL is blocking that site so I could create an "exception" ACL for that ACL.
> My question is: can this whitelist or graylist ACL be dynamic without needing to reload Squid, a bit like ipsets with iptables/nftables without the need to reload rules?
Squid comes with an external ACL helper that authorizes access based on
DB entries. You can use any system you like to manage the DB entries.
More information about the squid-users