Re: [squid-users] bypass squid filtering using credentials

From: Chris Robertson <crobertson_at_gci.net>
Date: Thu, 12 Jun 2008 11:58:44 -0800

Curt Coleman wrote:
> I am looking to use squid to content filter public computers. Currently I
> have it setup and running on a few test machines. When someone attempts to
> access a restricted site, I have a custom 'access denied' page that appears.
> I would like for this page to contain a field to insert credentials that
> would allow bypassing the filtering. Is this doable?
>

Yes. Have an external_acl that checks a repository of IPs (be it a flat
file, a database or a hash in memory) and change the http_access deny
line that blocks requests to the restricted sites use this acl NANDed
with the list. The custom access denied page allows entering
credentials to bypass the filtering (which updates the mentioned
repository).

In essence...

acl restrictedSites dstdomain .restricted.com .clearancerequired.com
external_acl_type allow-restricted ttl=5 concurrency=50 %SRC
/usr/local/squid/bin/restricted-ip-authenticator
acl allowRestrictedIP external allow-restricted
http_access deny restrictedSites !allowRestrictedIP
deny_info http://my.host/enterCredentialsForAccess.html allowRestrictedIP

...where the script /usr/local/squid/bin/restricted-ip-authenticator,
and the CGI form called by http://my.host/enterCredentialsForAccess.html
are left as an exercise for the reader. The session helper included in
Squid releases later than 2.6 might be a good starting point.

> Thanks in advance.
>
> CC

Chris
Received on Thu Jun 12 2008 - 19:59:02 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 13 2008 - 12:00:04 MDT