Hello, i'm using squid 2.6 Version 2.6.STABLE21 (provided with CentOS 5.x), using NTLM AUTH. Since I'm able to apply ACLs to Windows Groups, I'm just wondering if I can apply an ACL only to a single user. Should I need to create a group only for that user and apply an acl to that group or there's a different way?
Thanks Here's my config (some comments are in italian): --------------------------------------------- http_port 8080 hierarchy_stoplist cgi-bin ? cache_mem 4 MB cache_swap_low 85 cache_swap_high 90 cache_dir ufs /var/spool/squid 100 16 256 cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log pid_filename /var/run/squid.pid auth_param ntlm program /usr/lib64/squid/ntlm_auth DOMAIN/PDC # Hidden for privacy auth_param basic program /usr/lib64/squid/ntlm_auth DOMAIN/PDC # Hidden for privacy auth_param basic children 5 auth_param basic realm Squid Access auth_param basic credentialsttl 2 hours external_acl_type check-group ttl=0 concurrency=0 %LOGIN /usr/lib64/squid/wbinfo_group.pl acl all src 0.0.0.0/0.0.0.0 acl lan src 192.168.1.0/255.255.255.0 acl to_lan dst 192.168.1.0/255.255.255.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 563 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT acl QUERY urlpath_regex cgi-bin \? acl autenticati proxy_auth REQUIRED acl siti_blacklist url_regex "/etc/squid/blacklist.txt" acl siti_whitelist url_regex "/etc/squid/whitelist.txt" acl siti_limitati url_regex "/etc/squid/limitati.txt" acl titolari external check-group group1 acl dipendenti external check-group group2 acl limitati external check-group group3 # Things never to cache #no_cache deny QUERY # Enable this if you don't want any caching #no_cache deny all http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports # Permettiamo l'accesso dal computer locale senza restrizioni http_access allow localhost # Permettiamo l'accesso dalla rete locale verso tutta la rete http_access allow to_lan lan # Permettiamo l'accesso dalla rete locale verso dei siti in whitelist http_access allow siti_whitelist lan # Accesso senza restrizioni per i titolari http_access allow titolari # I dipendenti possono visitare tutti i siti web ad eccezione # di quelli listati nel file di blacklist http_access allow !siti_blacklist dipendenti # Gli utenti limitati possono accedere solamente ad alcuni siti http_access allow siti_limitati limitati # Tutti gli altri accessi sono negati http_access deny !autenticati http_access deny all http_reply_access allow all acl FTP proto FTP always_direcache_mgr mana...@mylan.com cache_effective_user squid cache_effective_group squid # I have very little RAM, so I set this off. YMMV memory_pools on forwarded_for on #error_directory /etc/squid/errors coredump_dir /var/spool/squid # note 33,2 lets you see which acl allowed or denied debug_options ALL,1 33,2ct allow FTP ------------------------------------------------------
