Re: [squid-users] per-user authentication and settings (Squid or dg)?

From: Chris Robertson <crobertson@dont-contact.us>
Date: Wed, 10 May 2006 13:33:56 -0800

Dave wrote:

> ----- Original Message ----- From: "Chris Robertson" <crobertson@gci.net>
> To: <squid-users@squid-cache.org>
> Sent: Wednesday, May 10, 2006 4:58 PM
> Subject: Re: [squid-users] per-user authentication and settings (Squid
> or dg)?
>
>> Dave wrote:
>>
>>> Hello,
>>> I apologize for the cross post, but i'm not sure which product,
>>> squid with proxy and authentication, or dansguardian, with user
>>> groups, would be best to assist with the issue i'm about to be faced
>>> with.
>>> I've got a transparent squid proxy set up with filtering and it
>>> is working quite nicely. Now i have need to have user authentication
>>> and individual user restrictions. For example, and i'll try to keep
>>> this as close to my situation as possible, user1 has no
>>> restrictions, can go anywhere. User2 only wants to go to yahoo
>>> sites, specifically instant message, mail, and yahoo music. User3 is
>>> allowed to play online games and i've got a site list of sites for
>>> them. User4 has been bad and has not done his homework, as a result
>>> i don't want him to have access to games, messaging, or any other
>>> content save another list of sites i approve. My thinking is to
>>> assign each of these users a username and an md5 password for digest
>>> authentication, yet i don't want to install apache for access to
>>> htdigest to pull that off. I've thought about ntlm, but that seems
>>> overkill for this situation, more than likely these user
>>> requirements will be varied. I'm also not sure if this is something
>>> dg would be best at or squid at the proxy level.
>>> Thanks.
>>> Dave.
>>>
>> Which ever direction you choose, you'll have to remove the
>> interception (also called transparent) nature of the proxy.
>>
>> http://www.swelltech.com/support/procyonguide/ch08.html
>>
>> Chris
>
> Hi,
> Thanks, i was hoping not to have to do that. Do you have a similar setup?
> Thanks.
> Dave.
>
Well... Similar in that I use authentication, don't use transparency,
don't use DansGuardian, and disallow some of my users to access the net
(vs. having some users with full access and others with different
limited access). :o) If a specific site is blocked for someone, it's
blocked for all (including, obviously those that can't surf in the first
place).

For whatever it's worth, this is not due to a Squid limitation, but in
the interest of keeping the interface that my customers use as simple as
possible.

Chris
Received on Wed May 10 2006 - 15:34:33 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT