block specific users in squid
Is there any way of denying specific users in squid from accessing blocked sites? Just like an isa server.
Thanks |
There are ways to do this using the acl functions of the webcache, for example
Configure the auth_param to setup user authentication. auth_param basic program /usr/bin/verifyusers auth_param basic children 5 auth_param basic realm Squid proxy-caching web server the program /usr/bin/verifyusers needs to verify the username and password and return OK or ERR it can be anywhere so long as squid has appropriate rights to run it and preform the authentication. assuming you have an acl which contains your blocked sites in the example below there are 2 types of blocked sites one by domain and one by regular expression match. The third line creates a rule called allusers that says all users must be authenticated. The last ACL defines a rule called restrictedusers for usernames listed in the file /etc/squid/restrictedusers acl blocked dstdomain baddomain.com acl regexblock url_regex -i "/etc/squid/tcat-config/regexblock-sites" acl allusers proxy_auth REQUIRED acl restrictedusers proxy_auth "/etc/squid/restrictedusers" # Although all of these rules have been created they have not been applied, they are applied in the http_access # commands. http_access deny restrictedusers blocked http_access deny restrictedusers regexblock http_access allow allusers http_access deny all # The first line says deny access to users who are in restricted users and who are accessing a blocked site # The second the same as the first but for the blocked sites matched by a regular expression # The third allow all users so long as they pass authentication # the fourth deny any other requests. # The http_access rules fall through so if the user does not match all the entires on the first http_access the system # falls through to the next and so on. Hope this is of use |
is the verifyusers the same like htaccess?
i got the following error acl priv_auth proxy_auth REQUIRED because no authentication schemes are completed. why is this? thanks for your help |
The verifyusers is a program that accepts a username and password and verifies it somehow and then outputs either OK or ERR.
You may find a number of programs have been provided with your distribution have a look in Code:
/usr/lib/squid I think the error you are getting is basically saying you MUST have the authenticator program configured and working before you can use proxy_auth. If you create a .htpasswd file you could then do. Code:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/my-htpassword-format-file |
I have a problem when I configure squid.conf to use ncsa squid won't start. why is that?
|
All times are GMT -5. The time now is 08:38 AM. |