I would be indentifying the users by IP address. Only certain machines will be able to access certain websites. There is a commercial solution I could use but would rather use Squid to do this. The ACL's would have to be able to accept domain names as the criteria in which to allow or disallow access.
For example:
acl LIST src 10.1.1.1/32 acl LIST2 src 10.1.2.3-10.1.2.20 acl DOM dstdomain .foo.com .foo2.com http_access allow LIST DOM http_access deny LIST /* LIST's client can only go to DOM's domain */ http_access deny LIST2 DOM http_access allow LIST2 /* LIST2 cant go to DOM */
Hope helps. Ilker G. ---------
"Give peace a chance." J.Lenon
