Hi, list... I'm trying to increase security a little at our company proxy. Until now we only used regexps to look for content we do not users to access. Obviously that is easy to work around (rename the .EXE to .JPG and you are set). So I wanted at least to use MIME header ACLs to block certain rep_mime_header types.
We are using LDAP authentication with groups (external_acl) to manage different access levels. The default level can only access HTML files and graphics (png, gif, jpg). Advanced users should get any kind of content. Unfortunately there seem to be problems still using rep_mime_header and external_acl. Hendrik once said (2003-08-10 06:50:55 PST/Re: [squid-users] external_acl and http_reply_access) that "external acl methods is not suitable for use in http_reply_access as http_reply_access can not wait for any external lookups to complete". I understand that it is problematic to wait for the external helper. However is this supported? My experiments using according ACLs did not work out. We are using the 2.5-stable 4 version in our production environment. How could I use both authorization groups and mime-type reply filtering? Would I need to run 3.0? Is it stable enough? How much has changed? Christoph -- ~ ~ ".signature" [Modified] 3 lines --100%-- 3,41 All
