> -----Original Message----- > From: WA Support > > Currently we are using N2H2's Bess/squid filtering system, but I am > looking to replace it with squid/squidGuard. > > One of the features of the N2H2 system is the ability for me to assign > my 'Bess' customers and authorized override username and password. Then > when one of these customers gets to a blocked web site, if they want, > they can override the block for a user specified length of time (default > is 15 minutes). I would like to have a similar capability with > squid/squidGuard.
What are you using for authentication/authorization? You could work something with external authentication so that their user id changes by the addition of a prefix or suffix when they are in override. bjones becomes bjones.ovr, or something. Then add an addition source group (OVRDE) in squidGuard, and put all users in there with the override suffix. Your authentication (helper?) module would be responsible for timing and resetting. squidGuard has "timers", but they are driven by the config file. So adding or changing a timer would require changing the config file and bouncing squidGuard. And since bouncing squidGuard also means bouncing squid, making a change to one of squid's acls should be an equally attractive/unattractive option. You could use the redirector_access acl to allow someone to bypass the redirector: acl NoRedirect src 192.168.44.1 redirector_access deny NoRedirect redirector_access allow all You would be responsible for creating a timer and removing the entry (and squid -k reconfigure) when the timer expired. You could build a stand alone module to handle the switch to and from override. There is a 'wrapzap' module available on this page http://adzapper.sourceforge.net/ that can be used to chain redirectors. You could set it up to go to your override module first. If they are not in override you pass the request to squidGuard for it to handled normally. If they are in override you bypass squidGuard and return a blank line (approval) to squid. Or, you could do it some other way. :) However you handle it, don't underestimate the value of a well maintained blacklist. Rick > > I am not sure how the N2H2 system operates their override system since > their entire system lives on a proprietary linux box that they > furnished. But I suspect it is just a database lookup to see if the > current user is in 'override status' before their redirector applies a > block. If the user is in 'override status,' then they probably just > pass the requested URL straight through to squid, if not, the then URL > is filtered. Then they probably have some kind of timer set on a > database field for the user to change the 'override status' field. I > can do this with a cron job, but that is not very elegant. Better if > the database system has a built-in timmer. I don't think MySQL and > Postgresql have timers. > > Just some thoughts on how the N2H2 override paradigm might work, but > also thinking outloud to see how I might implement one with squidGuard. > > To answer your question list below, correct, except I do not want to > give my users capability to **permanently** override anything. Maybe > later after I have solved the general override issue, but not now. > > Thanks, > Murrah Boswell > > Rick Matthews wrote: > > > > > -----Original Message----- > > > From: WA Support > > > > > > Has anyone ever had any luck with getting an 'override' system to > > > work with squidGuard? > > > > > > I need a system where my users can temporarily override the > > > domains/urls in the blacklists. > > > > Help me better understand the problem: > > a) Users need temporary access to hustler.com. > > b) CNN.com is somehow in the porn domains list. > > c) Expressionlist is falsely blocking particular url or news story. > > ( <a> might be temporary, but <b> and <c> could be permanent.) > > > > "...where my users can temporarily override..." > > This should be something that the user can initiate? Will you have > > a need to know who and when? > > > > Thanks, > > Rick >
