On Saturday 14 June 2003 19.27, Mark Fagan wrote: > Lets say its OK to authenticate by user only, can I create an acl > that applies to say, user1, user2, user3 and so on, using only > smb_auth and without upgrading or recompiling my current > version.(assuming I install the M$ patch first) > > If this is possible what would be the sytax to get it all working: > > Lets say User1, User2 and User 3: should be allowed to access > www.yahoo.com
Yes. See the proxy_auth and dstdomain acl types. Example: # Allow group1 access to their sites only acl group1 proxy_auth user1 user2 user3 acl sites1 dstdomain www.yahoo.com http_access allow group1 sites1 http_access deny group1 # Similarily for another group, but with the data defined # in external files instead of inline in squid.conf acl group2 proxy_auth "/path/to/group2.txt" acl sites2 dstdomain "/path/to/group2_sites.txt" http_access allow group2 sites2 http_access deny group2 # Deny all other uses http_access deny all Names should be selected more appropriate to represent the meaning of the groups. A number of other variants are possible depending on what it is you want to do in relation to other access rights. For example if you remove the group1/2 deny lines above then the rights are accumulative so that if a user is member of both groups he has the rights of both. Another interesting alternative is to use sites1/2 instead on the deny lines, in such cases the rules are a restriction on who may access sites1 vs sites2, not what sites group1 vs group2 may access. -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
