0
votes

I'm facing some difficulties while applying a filter to authenticated users in squid3 web proxy server version 3.3.8.

I already configured squid3 as follows:

  • NCSA Authentication

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords

auth_param basic children 5

auth_param basic realm Squid Proxy Web Server

auth_param basic credentialsttl 2 hours

auth_param basic casesensitive on

  • Custom ACLs

I created some new ACLs as follows:

acl group1 src "/etc/squid3/group1_ips.txt" proxy_auth REQUIRED

acl bad_domains dstdomain "/etc/squid3/bad_domains.txt"

where group1_ips.txt is a file containing the list of IPs of a certain group1 and bad_domains.txt is a file containing the list of domains I want to filter.

  • http_access

Now in http_access I made the following:

http_access deny bad_domains group1

http_access allow all

  • My problem is:

Authenticating a list of users via their IP and preventing them from logging into some web sites. Basically, it is this line of code which does not work:

acl group1 src "/etc/squid3/group1_ips.txt" proxy_auth REQUIRED

However this line works:

acl group1 proxy_auth REQUIRED

But I want the group1 ACL to use the src argument. I tried this also but it did not work:

acl group1 src "/etc/squid3/group1_ips.txt"

acl group1 proxy_auth REQUIRED

Please, how can I solve this: applying a filter to authenticated users?

Thank you in advance.

2 Answers

0
votes

You can do something like this:

acl group1 src "/etc/squid3/group1_ips.txt"
acl bad_domains dstdomain "/etc/squid3/bad_domains.txt"
acl auth proxy_auth REQUIRED

# we require authentication for all users here
http_access deny !auth

# allow everything for group1 except bad_domains
http_access allow !bad_domains group1

# deny if not matched rules above
http_access deny all
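
How Squid walks the `http_access` lines from the answer above, modelled in Python as an added example (not part of either answer and not Squid's own code). The sample network, domain and user names are constructed, and the model treats a request without credentials as simply not matching `proxy_auth`.

```python
import ipaddress

# Constructed stand-ins for group1_ips.txt and bad_domains.txt.
GROUP1_IPS = ["192.0.2.0/28"]
BAD_DOMAINS = [".example.net"]   # leading dot: the domain and its subdomains

def src(nets):
    nets = [ipaddress.ip_network(n) for n in nets]
    return lambda r: any(ipaddress.ip_address(r["src"]) in n for n in nets)

def dstdomain(domains):
    def match(r):
        h = r["host"].lower()
        return any(h == d.lstrip(".") or (d.startswith(".") and h.endswith(d))
                   for d in domains)
    return match

# One name, one type: each ACL is a single predicate over the request.
ACLS = {
    "group1": src(GROUP1_IPS),
    "bad_domains": dstdomain(BAD_DOMAINS),
    "auth": lambda r: r.get("user") is not None,   # proxy_auth REQUIRED
    "all": lambda r: True,
}

# The http_access lines from the answer, in order.
RULES = [
    ("deny", ["!auth"]),
    ("allow", ["!bad_domains", "group1"]),
    ("deny", ["all"]),
]

def evaluate(request, rules=RULES, acls=ACLS):
    """Return (action, rule_number) for the first rule whose ACLs all match."""
    for number, (action, names) in enumerate(rules, start=1):
        # ACLs on one line are ANDed; a leading "!" negates the ACL.
        if all(acls[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, number
    # No line matched: the default is the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None

if __name__ == "__main__":
    for req in [
        {"src": "192.0.2.10", "host": "www.example.org", "user": "alice"},
        {"src": "192.0.2.10", "host": "ads.example.net", "user": "alice"},
        {"src": "198.51.100.7", "host": "www.example.org", "user": "bob"},
        {"src": "192.0.2.10", "host": "www.example.org", "user": None},
    ]:
        print(req, "->", evaluate(req))
```

With these rules an authenticated client outside group1 falls through to the final `deny all`, which differs from the `http_access allow all` in the question.
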
0
votes

I checked the documentation and there is no reference you can use "src" followed by a file containing IP addresses - every example seems to point to a specific address or network.

Are you sure what you are trying to do is supported?

Source: http://wiki.squid-cache.org/SquidFaq/SquidAcl

I intended to post this as a comment but I lack the reputation.