Re: [squid-users] Using NTLM authentication + possible to split class of access

From: Kinkie <gkinkie_at_gmail.com>
Date: Tue, 26 May 2009 21:14:26 +0200

Yes, it is possible, but hairy: imagine for example a website (e.g.
EBay) which uses isapi.dll as part of the request path, or sites
running as CGI on windows servers (where the URL contains the ".exe"
keyword but it is acually HTML.
Filtering by content-type (via reply_access rules) may help but poses
the same challenges.

In other words it can be done, but the support costs would be really
high except in the most trivial cass. This is what supports the
existence of a category of software products collectively known as
content filters.

On 5/26/09, michael hiatt <michael_hiatt_at_hotmail.com> wrote:
>
> Hi Guys,
> I'm wondering if its possible to setup two different classes of access while
> still using NTLM authentication.
> E.G. basic access that allows only web documents (and images and CSS)
> Supervisor type access that allows downloading of .zip .exe and other
> potentially harmful files (but still required for some users).
>
> This would be great if I could still retain the same url block lists however
> and settings for mostly everything else without too much duplication.
>
>
> Thanks in advance again guys
>
> Regards,
> Michael
>
> _________________________________________________________________
> Looking to move somewhere new this winter? Let ninemsn property help
> http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fninemsn%2Edomain%2Ecom%2Eau%2F%3Fs%5Fcid%3DFDMedia%3ANineMSN%5FHotmail%5FTagline&_t=774152450&_r=Domain_tagline&_m=EXT

-- 
    /kinkie
Received on Tue May 26 2009 - 19:14:36 MDT

This archive was generated by hypermail 2.2.0 : Wed May 27 2009 - 12:00:02 MDT