On Thu, 2006-01-26 at 08:19 -0700, Stephen Smith wrote: > The only thing I know about Squid is that it is an internet proxy. > How does it selectively block internet access without knowning the > clients IP address (DHCP would issue different addresses each day). > Can it block by MAC address? From the email point of view, I can see > that it could block by the sender's address, but I am at a loss as to > how it would block internet access.
If you really want the finest grained access control you'll want to look at SOCKS. Squid is an HTTP proxy, while SOCKS is a protocol to proxy any connection. You can then write all sorts of detailed rules about who can access which protocol from such and such machine at this time, etc. <sarcasm>Boy do I wish I could micromanage my company's Internet access.</sarcasm> SOCKS requires a username and password to gain access. Squid can be set up that way as well, without much trouble. It can also use ident to query the source machine for the logged in user. > Frankly, I find that the restrictions make my job excessively > difficult, it would be better to have the ability to view what is > being accessed on the web by each computer. Does Squid have a UI that > makes viewing by computer easy or is there add-on tools to view the > logs and cache by machine name, MAC or IP? I've used Calamaris and it works OK. I don't know of any generic tools to do real-time log analysis, but I haven't looked too closely either. It shouldn't be hard to parse the log and stick it in a database fronted by a simple web app. Corey
signature.asc
Description: This is a digitally signed message part
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
