On Fri, 20 Feb 2004, Frank Fegert wrote:
> 1.) Assuming that the browser submits browsertype and OS-version at
> each request, i could use this information. The question is how
> i would access the information and pass it to an ACL?
See the browser ACL. It uses regex patterns for matching the User-Agent
header as sent by the client. MSIE and most browsers include comment
information in this header indicating which OS they run on.
> 2.) Taken from the squid logs the client submits it's IP upon each
> request. I would resolve the IP to a hostname, and look up if a
> workstation object of the same name exists in the ADS by using
> ldapsearch. Regarding the use of ldapsearch i would add the code
> to squid_ldap_auth.
The idea is good, but authentication is the wrong place to add this into.
What you should do for implementing this idea is to write a small external
helper to Squid which performs only this check. See the external_acl_type
directive.
Regards
Henrik
Received on Sun Feb 22 2004 - 10:25:06 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:03 MST