I have a remote office with five employees who use an IPCOP box to connect to the internet. The workstations are win2k (and no, I can't change that. Some of our software only works on MS, I'm working on it). I need to set it up so that four of the users are only allowed to go to sites on a small list, while the manager can go anywhere. IPCOP uses SQUID as its proxy component, so I've done some reading and here's what I've come up with:
I created a directory called controls in /var/ipcop/proxy.
I created a file called collectors_group in the controls directory which holds the login names of members of this group; as a test case I'm using the root account.
I created a file called collectors_sites in the controls directory which has a list of URL regexes where they are allowed to go; as a test case I have blackborder\.com as the only entry.
The directory and both files are owned and grouped with the nobody user that IPCOP uses for the proxy directory.
Using jmacs (death to vi!) I edited the /var/ipcop/proxy/squid.conf file to add the following lines:

    authenticate_program /usr/lib/squid/ncsa_auth /etc/shadow
    acl collectors_group proxy_auth REQUIRED "/var/ipcop/proxy/controls/collectors_group"
    acl collectors_sites url_regex "/var/ipcop/proxy/controls/collectors_sites"
    http_access allow collectors_sites collectors_group
    http_access deny collectors_group

I made sure to put all of that BEFORE any other http_access rules. As far as I can tell it doesn't seem to be working. Anyone have an idea of what's going on?
Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates
"Within every man beats a heart of darkness." --The Shadow
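
An added model (not part of the original post and not Squid's own code) of how the posted http_access rules evaluate, extended to compare proxy_auth with and without the REQUIRED keyword, which makes the ACL match any authenticated user. The user names collector1, collector2 and manager, the example.org URL and the trailing "allow all" standing in for IPCop's later rules are assumptions, and the requester is taken to be already authenticated.

```python
import re

# Constructed stand-ins for the two files described in the post.
GROUP_FILE = ["collector1", "collector2"]   # collectors_group (hypothetical logins)
SITES_FILE = [r"blackborder\.com"]          # collectors_sites (entry from the post)

def proxy_auth(tokens):
    """proxy_auth ACL: REQUIRED anywhere in the list accepts any valid user."""
    any_user = "REQUIRED" in tokens
    names = {t for t in tokens if t != "REQUIRED"}
    return lambda user, url: user is not None and (any_user or user in names)

def url_regex(patterns):
    """url_regex ACL: matches when any pattern is found anywhere in the URL."""
    compiled = [re.compile(p) for p in patterns]
    return lambda user, url: any(c.search(url) for c in compiled)

def decide(rules, acls, user, url):
    """http_access: the first rule whose ACLs ALL match decides the request."""
    for action, names in rules:
        if all(acls[n](user, url) for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule.
    return "allow" if rules[-1][0] == "deny" else "deny"

# The two http_access lines from the post, then an assumed later rule.
RULES = [("allow", ["collectors_sites", "collectors_group"]),
         ("deny", ["collectors_group"]),
         ("allow", ["all"])]

def build(group_tokens):
    return {"collectors_group": proxy_auth(group_tokens),
            "collectors_sites": url_regex(SITES_FILE),
            "all": lambda user, url: True}

POSTED = build(["REQUIRED"] + GROUP_FILE)   # acl ... proxy_auth REQUIRED "file"
NAMES_ONLY = build(GROUP_FILE)              # acl ... proxy_auth "file"

def outcomes(acls):
    """Decisions for a collector on a listed site, off the list, and the manager."""
    cases = [("collector1", "http://www.blackborder.com/"),
             ("collector1", "http://example.org/"),
             ("manager", "http://example.org/")]
    return [decide(RULES, acls, user, url) for user, url in cases]

if __name__ == "__main__":
    print("posted    :", outcomes(POSTED))
    print("names only:", outcomes(NAMES_ONLY))
```

With REQUIRED in the ACL the manager falls into collectors_group and is held to the site list; with only the names file the manager reaches the later rules.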
