Hi. Actuall I run squid release 'squid-2.5.STABLE6-20040907' and not using squidguard (squid.conf manually edited). I defined the following acl types:
A. acl xxxwordssites url_regex "/usr/local/squid/etc/acls/not_allowed/not_allowed_porn_words" # WORD BASED applied to all users BLACK list B. acl xxxsites dstdomain "/usr/local/squid/etc/acls/not_allowed/not_allowed_porn_sites" # domain based applied to all users BLACK list C. acl dstd2all dstdomain "/usr/local/squid/etc/acls/allowed/allowed2all_domains" # domain based applied to all users WHITE list D. acl dstd2hrg dstdomain "/usr/local/squid/etc/acls/allowed/allowed2hrg_domains" # domain based applied to HRG group WHITE list E. acl hrg proxy_auth "/usr/local/squid/etc/groups/hrg" # acl defining HRG group membership (the file hrg contains valid authenticated usernames) Following there are - 'applied to all httpd_access' directives: http_access deny xxxsites (deny xxx sites to all) http_access deny xxxwordssites (deny sites with xxx words to all) http_access allow dstd2all (allow domains in /usr/local/squid/etc/acls/allowed/allowed2all_domains to all) - 'applied to specific groups http_access' directives that link the D-type acl to the E-type: http_access allow dstd2hrg hrg And obviously, as final, http_access deny all My goal is the following: when a selected group of users (say an other acls named 'privileged': acl privileged "/usr/local/squid/etc/groups/privileged") is attempting to get a not allowed web sites (a suspected porn site, or, generally speaking, a not allowed domain), a web page should tell him/her that the administrative policies not permit this operation (and this could be simply done, replacing the error page), BUT if he/she press a button/click on a link (preceded by some warnign abount logging and mail alerting, telling the administrator about the following operation), this could be overrided and the resource can be reached anyway. Maybe a redirector can do this? My problem is not replacing the error page (obviously editing the HTML code), but build a customized error page, giving the user the chance to 'bypass' the controll, clicking on a link, containing the original URL requested. Maybe instead of http_access deny xxxsites a command like http_access CONDITIONLY_REDIRECT_to_SOMEWHERE xxxsites could be useful... :-) Is there anyone with the same problem, that found a solution or started to study it, with whom I could work? Thanks in advance Davide
