Thanks Rick,
I thoght about this also, but it seemed to me as double work to
squid/squidGuard, as both will be then use the same list of users (abt.
15000 here). What do you think, would this affect the performance of the
proxy?
Is there no way to just say "all not authenticated users" ? Or am I trying
to do something stupid here? ;)
Regards
Antti Vahalummukka
------------
> How can I set up two sets of rules for user that have authenticated
> and those who have not?
>
> In our environment we have users that can surf as they like and
> users that ara limited to small amount of usefull sites like banks
> etc. We call these sites open sites and they are defined for squid
> to be accessed without authentication. All other sites will ask for
> authentication.
logdir /usr/local/squidGuard/log
dbhome /usr/local/squidGuard/db
src authusers {
userlist filename
}
dest porn {
domainlist porn/domains
urllist porn/urls
redirect http://yourserver.com/whatever
log blocked.log
}
dest pornexp {
expressionlist porn/expressions
redirect http://yourserver.com/whatever
log blocked.log
}
.
other source groups
.
dest opensites {
domainlist opensites/domains
urllist opensites/urls
}
acl {
authusers {
pass opensites !porn !pornexp .... all
}
default {
pass opensites none
redirect http://yourserver.com/whatever
log blocked.log
}
}
---------------------------------
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: Sunday, March 30, 2003 6:56 AM
> To: [EMAIL PROTECTED]
> Subject: Differentiating authenticated and non-authenticated users?
>
>
> Hi
>
> I spent a day reading documents and FAQ and googling internet but no luck
> to this question:
>
> How can I set up two sets of rules for user that have authenticated and
> those who have not?
>
> In our environment we have users that can surf as they like and users
that
> ara limited to small amount of usefull sites like banks etc. We call
these
> sites open sites and they are defined for squid to be accessed without
> authentication. All other sites will ask for authentication.
>
> I tried to define it like this as the username shows up as - on those
users
> that have not authenticated:
>
> src opensiteusers {
> user -
> log opensiteusers.log
> }
>
> this causes squidGuard to go in the emergency mode because of a syntax
> error in the user line.
>
>
> I looked at the sources and patched the sgDiv.c file, parseLine function
to
> convert the "-" to "anon"
> and got it working:
>
> src opensiteusers {
> user anon
> log opensiteusers.log
> }
>
> , but is there an easier way?
>
> Also, it seems that usernames have a size limit, as I tried anonymous
> instead of anon first, but that also puts sG to emergency mode. Is this
> true and if it is true what is the limit?
>
>
> Regards
> Antti Vahalummukka
>
>
>
