[squid-users] Denying user access based on proxy_auth

From: Geoff Varney <geoff.varney@dont-contact.us>
Date: Tue, 2 May 2006 09:05:54 -0700

Hi,
I am using Squid 2.STABLE13 and DansGuardian for caching and filtering. I
have Squid in front for authentication, then DG, then another Squid for
caching. It's all been working great with NTLM auth using winbind and smb.
I have an acl that looks like this:

acl denied_users proxy_auth_regex -i '/etc/squid2/denied_users'

where the denied_users file has a list of users who are not allowed access
in the form of: john.smith

Now for the first time I have a problem in the way this works. For
instance, I have a user account of smith. It's a generic account that is
used to ensure that certain applications run on Windows 2000/XP. I simply
want to prevent Web access as it's anonymous to some extent. So I add the
name "smith" to my denied_users file. Now not only is "smith" denied
access, but also "john.smith". I have tried removing the regex piece (acl
denied_users proxy_auth '/etc/squid2/denied_users' and that doesn't seem to
block anyone. I have also tried (with and without regex piece) making the
names in denied_users in the form of domain\john.smith, but that also
doesn't block anyone.

Does anyone have a suggestion of how to make this work again? Maybe some
other regex syntax can be added to the denied_users listing? I like not
having to enter the domain\ part, but it's no big deal if that's needed. I
simply need to have the acl look at the entire username, not just one part
of it. Ie. blocking smith should not block john.smith.

Thanks for any suggestions.

Geoff
Received on Tue May 02 2006 - 10:06:01 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:01 MDT