I do this by running an ident client on all of the client machines. The
ident client responds to ident queries from Squid. I then set up squid to
have an ident acl and an http_access line to require a valid ident response:

acl idents ident REQUIRED
http_access allow idents

I then put in src -> user blocks in the squidguard.conf file:

src adults {
  user adult1 adult2...
}

src kids {
  user kid1 kid2...
}

And here is the acl list:

acl {
  adults {
    pass bl_ok !bl_notok !bl_ads all
    redirect <something>
  }
  kids within authtime {
    pass bl_ok !bl_notok !bl_ads !bl_porn... all
    redirect <something else>
  }
  else {
    pass none
    redirect <something yet else>
  }
  default {
    pass none
    redirect <something bleak>
  }
}

Now I set up the network to require logons; you can do this with poledit for
Win9x if you have a Samba or NT server; Win2k or XP can be set up that way
standalone. This limits access to the Web on a per-user basis. The
limitations are: it doesn't work with squid in transparent proxy mode, so
you have to make sure your firewall redirects all web stuff to squid, and
that the browser is set up to use the proxy. Also, anyone with privileged
access needs to remember to log out when they're done using the computer (but
this is inherent in any password protection approach which doesn't time out
the login).



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Berkman
Sent: Friday, February 15, 2002 1:00 PM
To: [EMAIL PROTECTED]
Subject: redirect bypass?


I'm attempting to implement some sort of bypass to a redirect by squidguard.
For example:

normally geocities.com is blocked and squidguard redirects
but, by entering username/password somewhere, squidguard will pass all for
them

I don't want to make all users authenticate/login before accessing the
web/proxy. So, I'm not sure how to go about limiting/allowing access in this
way.

Is this in any way possible?

Thanks,
Dan Berkman
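
Added example, not part of either message above: a simplified Python model of the check the reply describes, parsing an RFC 1413 ident reply and mapping the reported user name onto the squidGuard src blocks. The port pair, the sample replies in the test, and the `no-ident` label are constructed; the `within authtime` condition is not modelled, and the name is whatever the client machine's ident daemon reports.

```python
# Simplified model for illustration; not Squid or squidGuard source code.

# User lists mirroring the src blocks in the message (placeholder names).
SOURCES = {"adults": {"adult1", "adult2"}, "kids": {"kid1", "kid2"}}


def parse_ident_reply(line, queried_ports):
    """Return the user name from an RFC 1413 reply, or None if unusable.

    queried_ports is the (port, port) pair sent in the ident query; a reply
    that does not echo the same pair belongs to some other connection.
    """
    parts = line.rstrip("\r\n").split(":", 3)
    if len(parts) < 3:
        return None
    try:
        ports = tuple(int(p) for p in parts[0].split(","))
    except ValueError:
        return None
    if ports != tuple(queried_ports):
        return None
    if parts[1].strip().upper() != "USERID" or len(parts) != 4:
        # ERROR replies (NO-USER, HIDDEN-USER, ...) carry no user name.
        return None
    # RFC 1413 treats everything after the third colon as the user ID;
    # surrounding blanks are trimmed here for matching (a simplification).
    user = parts[3].strip()
    return user or None


def classify(reply, queried_ports):
    """Two-stage decision: Squid's ident ACL first, then the squidGuard src."""
    user = parse_ident_reply(reply, queried_ports)
    if user is None:
        # 'acl idents ident REQUIRED' does not match, so the
        # 'http_access allow idents' line never allows the request.
        return "no-ident"
    for name, users in SOURCES.items():
        if user in users:
            return name          # the adults or kids source matched
    return "default"             # no src matched: 'pass none' and redirect


if __name__ == "__main__":
    print(classify("6193, 3128 : USERID : UNIX : kid1", (6193, 3128)))
```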


