> I am using Dansguardian to determine if something is porn, and > I modified it to set a header (X-Naughty and X-Naughty-Why) > so that the page would still go through, but squid should be > able to identify it as naughty.
> The way I envision it working is, people can browse freely and > unlogged until they get a page that dansguardian blocks, at > which time they are sent to a login page (probably php here) > that authenticates them to the network (using whatever method > your network uses), then sends the username/ip pair to squid > and is put in the struct. If you're willing to sacrifice transparent proxying (replace with auto-config script) and have found a way to match that header with a Squid acl, you could save yourself some major work. 1) Setup an acl that matches the header acl Naughty ... 2) Setup basic authentication by NCSA, LDAP, or whatever auth_param basic ... acl Login proxy_auth REQUIRED 3) Setup your http_access like this: http_access allow !Naughty http_access allow Naughty Login It will only prompt for authentication for Naughty sites. You can then filter the logs looking for an entry (instead of -)in the user field. Adam --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001
