Hi Rahul
    For your situation you need to enable authentication and then put rules in
squid for allowing and denying access based on groups. Here is the procedure
to do so.

For Authentication

To enable authentication in squid you need to do the following. Compile an
authentication module. Provided we use NCSA type authentication and squid is
installed in /usr/local/squid/src, this is done by
 # cd /usr/local/squid/src/auth_modules/NCSA
 # make
 # make install
Next you need to edit your squid.conf file and add the following to your
existing squid.conf file

 authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd
 authenticate_children 5
 authenticate_ttl 5 minutes

Now make a file passwd in /usr/local/squid/etc
 # touch /usr/local/squid/etc/passwd
 # chown nobody:nogroup /usr/local/squid/etc/passwd

Create your users and password database (this is done by installing Apache
and using htaccess from /usr/local/apache/bin/htpasswd). A sample script
automatically creating users and passwords is as follows. The contents of this
file are as follows
 /usr/local/apache/bin/htpasswd -b /usr/local/squid/etc/passwd user1 web
 /usr/local/apache/bin/htpasswd -b /usr/local/squid/etc/passwd user2 web
 /usr/local/apache/bin/htpasswd -b /usr/local/squid/etc/passwd user3 web
 /usr/local/apache/bin/htpasswd -b /usr/local/squid/etc/passwd user4 web
 /usr/local/apache/bin/htpasswd -b /usr/local/squid/etc/passwd user5 web
where user1 is the name of the user and web is the password for that user.

We now need to also add the following to the squid.conf file so that we are
prompted for a username and password when we try to use the cache.

 proxy_auth_realm ControlNet Web Access

After authentication edit your squid.conf file and create these ACLs

# ACL type names are written with underscores: proxy_auth, url_regex
acl groupA proxy_auth "/usr/local/squid/etc/groupa"
acl groupB proxy_auth "/usr/local/squid/etc/groupb"
acl passwd proxy_auth REQUIRED
acl bad url_regex -i "/usr/local/squid/badurls"
acl all src 0.0.0.0/0.0.0.0
acl groupagood url_regex -i "/usr/local/squid/goodurlsforgroupa"

# http_access lines are checked top to bottom and the first match wins,
# so the bad-URL deny comes before any allow.
http_access deny bad
http_access deny groupA !groupagood
http_access allow groupA passwd
http_access allow groupB passwd
http_access deny all

Here what we did was create 2 ACL names (groupA and groupB). All the users will
be contained in two files, i.e. groupa and groupb, located in
/usr/local/squid/etc/, and they are supposed to use authentication (please
note the files should be in a format of one username per line). Also, the
badurls and goodurlsforgroupa files are to be created, with badurls having the
list of all the bad sites which will be denied access to both groups, and
goodurlsforgroupa having the list of all the good sites for access of groupA.

For further clarification you can mail me

Enjoy Squiding

Arvind Clemente


Rahul Torvi wrote:

> Hi All,
>
> Can anybody help me out in squid,
>
> I want to allow users only to certain sites but this has to be done through
> user authentication and not IP based
>
> Group A -> Allowed certain site from database
> Group B -> Full Access
> GroupA & Group B -> Disallowed to certain sites from database
>
> *** On user basis .....after user is authenticated ......and not on IP*****
>
> Best Regards
>
> Rahul T
>
> _______________________________________________
> linux-india-help mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/linux-india-help
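
Added example, not part of the original mail and not Squid code: a small Python model of first-match http_access evaluation, used to check two constructed rule orderings against the three requirements in the quoted question. The users, URL patterns and list names other than the ACL names from the mail are assumptions made for the test.

```python
import re

# Constructed sample data standing in for the group and URL files in the mail.
GROUPS = {"groupA": {"user1", "user2"}, "groupB": {"user3"}}
URL_LISTS = {"bad": [r"badsite\.example"],
             "groupagood": [r"intranet\.example", r"docs\.example"]}
URLS = ["http://intranet.example/", "http://news.example/", "http://badsite.example/"]

def acl_matches(name, user, url):
    """Evaluate one ACL name, optionally negated with '!', for a request."""
    if name.startswith("!"):
        return not acl_matches(name[1:], user, url)
    if name == "all":
        return True
    if name == "passwd":  # proxy_auth REQUIRED: any authenticated user
        return user is not None
    if name in GROUPS:    # proxy_auth with a file of usernames
        return user in GROUPS[name]
    return any(re.search(p, url, re.I) for p in URL_LISTS[name])  # url_regex -i

def decide(rules, user, url):
    """ACLs on a line are ANDed; the first line that matches decides."""
    for line in rules:
        action, *acls = line.split()[1:]
        if all(acl_matches(a, user, url) for a in acls):
            return action
    # Nothing matched: Squid takes the opposite of the last line's action.
    # (Simplification: a real proxy would first send a 407 to ask for credentials.)
    return "deny" if rules[-1].split()[1] == "allow" else "allow"

# Constructed ordering where the blacklist is only a condition on a deny line.
BLACKLIST_AS_CONDITION = [
    "http_access deny groupA !groupagood !bad",
    "http_access allow groupA passwd",
    "http_access allow groupB passwd",
]
# Constructed ordering where the blacklist deny is evaluated before any allow.
BLACKLIST_FIRST = [
    "http_access deny bad",
    "http_access deny groupA !groupagood",
    "http_access allow groupA passwd",
    "http_access allow groupB passwd",
    "http_access deny all",
]

def matrix(rules):
    """Decision for every (user, URL) pair; None is an unauthenticated client."""
    return {(u, x): decide(rules, u, x) for u in ("user1", "user3", None) for x in URLS}
```

Comparing matrix(BLACKLIST_AS_CONDITION) with matrix(BLACKLIST_FIRST) shows that a blacklisted URL falls through to the group allow lines in the first ordering and is denied for everyone in the second.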

