[squid-users] R: Basic explanation on configuration

Roberto Nunnari roberto.nunnari at edu.ti.ch
Mon Aug 10 09:51:55 UTC 2020


Hello.

 

In the previous message I forgot to include what I did till now in
squid.conf (edited to replace sensitive information).

In part from default conf and in part from old installation and in part
adapted to my needs.

 

Thank you and best regards.

Robi

 

 

Da: squid-users <squid-users-bounces at lists.squid-cache.org> Per conto di
Roberto Nunnari
Inviato: lunedì, 10 agosto 2020 10:44
A: squid-users at lists.squid-cache.org
Oggetto: [squid-users] Basic explanation on configuration

 

Hello.

 

I need to build a new linux server with squid to replace an old one.

The old server is running squid version 3.3.8 and authenticates against
Active Directory. In the conf I see ldap, ntlm, kerberos and negotiator +
wbinfo.

 

The new server is running squid version 4.4.8. I’m trying to keep it simple
and keep the conf file clean.

That’s why for authentication and authorization I try to use only
basic_ldap_auth and ext_ldap_group_acl.

 

I would like to understand the basics of squid.conf but I find the online
documentation is missing the basics.. for instance I believe the acl
directive uses logical ‘and’ when using multiple values on the same line,
and uses logical ‘or’ when using multiple lines for the same acl name..

 

That is something it should be written clear in the documentation. Maybe it
is somewhere, but I could not find that information.

 

Same for http_access.. how does it works? What happens when the first match
is found? It applies the rule and exits or it goes on to the next lines?

 

What I need to implement is more or less this :

 

1)      Every user needs to provide valid username and password (from AD).

2)      Users who belongs to a given AD group, can go on and access the
internet

3)      Other users need to be inside a file. If they are found in that
file, they can access the internet

4)      Some websites are accessible without being in group 2) or in file 3)

5)      Some websites are forbidden for everybody

6)      Some websites are allowed only for users in group 2)

 

I’ll appreciate some help.

 

Thank you and best regards.

Robi

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200810/386c97c4/attachment.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: out.txt
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200810/386c97c4/attachment.txt>


More information about the squid-users mailing list