I'm fairly new to getting my hands dirty with squid config, and I've
hit upon a problem.
I want to only allow a groups of machines to access the proxy
when they have done user authentication and the URL is not in
my porn.acl... or it _is_ in the notporn.acl
My acls are
acl usermachines src x.x.x.x/255.255.0.0
acl authenticate proxy_auth REQUIRED
acl porn url_regex "/opt/squid/etc/porn.acl"
acl notporn url_regex "/opt/squid/etc/notporn.acl"
Now I can do:
http_access deny porn !notporn
http_access allow usermachines authenticate
And everything is happy except that when a site is denied - the logs
don't show _who_ was denied!
So.. I'm trying:
http_access allow usermachines authenticate !porn notport
But notporn isn't catchall... I really need something like:
http_access allow usermachines authenticate (!porn notporn)
I guess I could do:
http_access deny usermachines authenticate porn !notporn
http_access allow usermachines authenticate
which should give me usernames in the DENIED log lines - but at the
expense of running the authentication stuff twice.
Perhaps that's acceptable...
Any ideas anyone?
--Paul
This archive was generated by hypermail pre-2.1.9 : Wed Apr 09 2008 - 11:57:32 MDT