Hi !! > > 1) My Squid.conf relevant lines below: > > > > [...] > > acl autenticados proxy_auth REQUIRED > > [...] > > acl liberado dstdom_regex "/etc/squid/liberado.txt" > > acl semacesso dstdom_regex "/etc/squid/semacesso.txt" > > [...] > > http_access allow autenticados > > > > http_access allow liberado > > http_access deny semacesso > > [...] > > # And finally deny all other access to this proxy > > http_access allow localhost > > http_access deny all > > [...] > > > > In this configuration it allows an authenticated user to access any site, > > even the forbidden ones. OTOH, I put the 'liberado' and 'semacesso' lines > > ABOVE the authentication line, the user does not access forbidden sites > > and Squid logs that into Cache.log, but WITHOUT the lame user's login. > > Untested: > http_access allow localhost > http_access deny semacesso autenticados > http_access allow autenticados > http_access deny all >
When you use "http_access allow autenticados" as your first rule, you are saying that anyone who authenticates have access to any site, as squid´s rules are processed in the order that they are declared, so you should place your deny rules before this one. > > 2) Is there a better way to permit access to non-pornographic sites (eg > > esSEX.ac.uk) but block pornographic ones (eg SEX.com)? > > A content scanning proxy. Unfortunately I don't have any experience with > this (the squids I manage either don't have content scanning, or they talk > to a parent proxy which does scan but which I don't manage) > > Joost > > You can use DansGuardian, wich is a url and content filter that works with squid, or squidguard, wich is just a url filter. You can also use some public lists of urls do be blocked bye either filter. Regards, Carlos.
