On Fri, 20 Feb 2004, Frank Fegert wrote:

> 1.) Assuming that the browser submits browsertype and OS-version at
> each request, i could use this information. The question is how
> i would access the information and pass it to an ACL?

See the browser ACL. It uses regex patterns for matching the User-Agent
header as sent by the client. MSIE and most browsers include comment
information in this header indicating which OS they run on.

> 2.) Taken from the squid logs the client submits it's IP upon each
> request. I would resolve the IP to a hostname, and look up if a
> workstation object of the same name exists in the ADS by using
> ldapsearch. Regarding the use of ldapsearch i would add the code
> to squid_ldap_auth.

The idea is good, but authentication is the wrong place to add this into.

What you should do for implementing this idea is to write a small external
helper to Squid which performs only this check. See the external_acl_type