> The final config will contain a lot more users, and a lot more block > lists. As you can imagine, things could soon get messy. > I guess you've answered my question though, it looks like there's no > easy way to achieve what I want.
What is the "easy" method that you'd like to use? I don't understand. Let's say you have 250 users and 20 block lists. I can't imagine that you'd want to process those in this fashion: Processing the porn block group: Bob? No. Frank? Yes. Sam? Yes. Sally? Yes....... User 250? No. Processing the Gambling block group: Bob? Yes. Frank? Yes? Sam? Yes. Sally? Yes....... User 250? Yes. . . . Processing block group #20: That would be a nightmare! Who will be making the decision about each of the users? What information will they use in making their decision? How will they communicate that decision to you? If the users are employees the decision will probably be based on their job duties or their "rank" in the organization. If the users are students it will probably be based on age, grade, major, class, etc. I'd make up a list of all of the realistic block group combinations that will be needed. I can't image that you would have more than 10 or maybe 15, tops. It will probably be more like 5. Make up an authorization form and put check boxes by each of the groupings: - Group_1: Porn, gambling - Group_2: Porn, gambling, drugs - Group_3: Drugs, sports Maybe the group names are Clerical, Analyst, Customer Service, etc. Then the person authorizing simply checks the applicable box, and the groups become your acl. You don't think that will work for you? Rick > -----Original Message----- > From: b1rdy [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 01, 2002 4:04 AM > To: 'Rick Matthews' > Cc: 'Squidguard Mailing List' > Subject: RE: Problem with multiple source and destination groups > > > Thanks for your reply. > The problem is that the example I gave was purely an example. The final > config will contain a lot more users, and a lot more block lists. As > you can imagine, things could soon get messy. > I guess you've answered my question though, it looks like there's no > easy way to achieve what I want. > > Best Regards, > Mark Read > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Rick Matthews > Sent: 29 June 2002 05:29 > To: b1rdy > Cc: Squidguard Mailing List > Subject: RE: Problem with multiple source and destination groups > > > Try this: > > logdir /usr/local/squidGuard/log > dbhome /usr/local/squidGuard/db > > src p-group { > user user1 > } > > src p_g-group { > user user2 > user user3 > } > > dest porn-list { > domainlist porn-domain-blacklist > urllist porn-url-blacklist > } > > dest gambling-list { > domainlist gambling-domain-blacklist > urllist gambling-url-blacklist > } > > acl { > p-group { > pass !porn-list all > } > > p_g-group { > pass !porn-list !gambling-list all > } > > default { > pass none > redirect http://www.google.com > } > } > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of b1rdy > > Sent: Friday, June 28, 2002 3:16 AM > > To: [EMAIL PROTECTED] > > Subject: Problem with multiple source and destination groups > > > > > > Hi all, > > Firstly, apologies if this is a dumb question but after the week I've > > had I'm having problems understanding how a toaster works. > > Basically, what I'm trying to achieve is a config with multiple source > > and destination groups, and I can't get it working. From reading all > > the documentation I'm beginning to suspect that what I want to do is > not > > possible. > > So, here's the scenario... > > I want to be able to use multiple block lists, such as porn, gambling, > > etc, and then specify which users will be blocked by these individual > > lists. Example: > > user1, user2, user3 to be blocked for porn sites. > > user2, user3 to be blocked for gambling sites. > > The problem as I see it is that a user cannot be a member of more than > > one source group. If user2, for example tries to access a gambling > > site, he's first seen as being part of the porn group and since the > > gambling site he's trying to access is not part of the porn blacklist, > > he's allowed to pass. If he tries to access a porn site, he's blocked > > fine. Am I understanding this correctly, or is there a way around it? > > I have included my current config below. > > > > TIA > > > > Mark Read > > > > > > Current squidGuard.conf: > > > > logdir /usr/local/squidGuard/log > > dbhome /usr/local/squidGuard/db > > > > src porn-group { > > user user1 > > user user2 > > user user3 > > } > > > > src gambling-group { > > user user2 > > user user3 > > } > > > > dest porn-list { > > domainlist porn-domain-blacklist > > urllist porn-url-blacklist > > } > > > > dest gambling-list { > > domainlist gambling-domain-blacklist > > urllist gambling-url-blacklist > > } > > > > acl { > > porn-group { > > pass !porn-list > > } > > > > gambling-group { > > pass !gambling-list > > } > > > > default { > > pass all > > redirect http://www.google.com > > } > > } > > > > > >
