Hi.
Actuall I run squid release 'squid-2.5.STABLE6-20040907' and not using
squidguard (squid.conf manually edited).
I defined the following acl types:
A. acl xxxwordssites url_regex
"/usr/local/squid/etc/acls/not_allowed/not_allowed_porn_words" # WORD BASED
applied to all users BLACK list
B. acl xxxsites dstdomain
"/usr/local/squid/etc/acls/not_allowed/not_allowed_porn_sites" # domain
based applied to all users BLACK list
C. acl dstd2all dstdomain
"/usr/local/squid/etc/acls/allowed/allowed2all_domains" # domain based
applied to all users WHITE list
D. acl dstd2hrg dstdomain
"/usr/local/squid/etc/acls/allowed/allowed2hrg_domains" # domain based
applied to HRG group WHITE list
E. acl hrg proxy_auth "/usr/local/squid/etc/groups/hrg" # acl defining HRG
group membership (the file hrg contains valid authenticated usernames)
Following there are
- 'applied to all httpd_access' directives:
http_access deny xxxsites (deny xxx sites to all)
http_access deny xxxwordssites (deny sites with xxx words to all)
http_access allow dstd2all (allow domains in
/usr/local/squid/etc/acls/allowed/allowed2all_domains to all)
- 'applied to specific groups http_access' directives that link the D-type
acl to the E-type:
http_access allow dstd2hrg hrg
And obviously, as final,
http_access deny all
My goal is the following: when a selected group of users (say an other acls
named 'privileged': acl privileged "/usr/local/squid/etc/groups/privileged")
is attempting to get a not allowed web sites (a suspected porn site, or,
generally speaking, a not allowed domain), a web page should tell him/her
that the administrative policies not permit this operation (and this could
be simply done, replacing the error page), BUT if he/she press a
button/click on a link (preceded by some warnign abount logging and mail
alerting, telling the administrator about the following operation), this
could be overrided and the resource can be reached anyway.
Maybe a redirector can do this?
My problem is not replacing the error page (obviously editing the HTML
code), but build a customized error page, giving the user the chance to
'bypass' the controll, clicking on a link, containing the original URL
requested.
Maybe instead of
http_access deny xxxsites
a command like
http_access CONDITIONLY_REDIRECT_to_SOMEWHERE xxxsites
could be useful... :-)
Is there anyone with the same problem, that found a solution or started to
study it, with whom I could work?
Thanks in advance
Davide
Received on Thu Oct 07 2004 - 02:57:50 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:01 MST