Restricting sites to some users
Hi
We currently run Squid that uses NTLM for our Windows users. They must
be a member of the Proxy Users group in NT to be able to use the
internet, works really well and allows me to restrict sites via the
denied.list file.
I now need to allow a heap of users from remote sites that run only
Linux to access certain sites that we permit. Where the head office
Windows users can pretty much access what they want (exception via the
denied.list) I want to keep these Linux users on an even shorter
string
My questions are
1. Can I setup a single username that these users can use to
authenticate to the proxy server, or would I be better off creating
all the remote sites as individual users (for tracking purposes)?
2. Can I then make these users only use the white.list or how can I
restrict their ACL's to the allowed sites?
Any suggestions would be welcome
Regards
Scott
Re: Restricting sites to some users
Hello Scott,
[color=blue]
> We currently run Squid that uses NTLM for our Windows users. They must
> be a member of the Proxy Users group in NT to be able to use the
> internet, works really well and allows me to restrict sites via the
> denied.list file.
> I now need to allow a heap of users from remote sites that run only
> Linux to access certain sites that we permit. Where the head office
> Windows users can pretty much access what they want (exception via the
> denied.list) I want to keep these Linux users on an even shorter
> string
> My questions are
> 1. Can I setup a single username that these users can use to
> authenticate to the proxy server, or would I be better off creating
> all the remote sites as individual users (for tracking purposes)?
> 2. Can I then make these users only use the white.list or how can I
> restrict their ACL's to the allowed sites?[/color]
Although this is off topic, since what I have to say about your
problem does not concern squid, but still -
We use the safesquid free edition as proxy and application layer
firewall. We prefer safesquid because it is easy to install and has a
browser based GUI for management. Your problems can very easily be
solved with safesquid. Go through the following links, if you care,
that explains how you can granularly distribute access to users -
[url]http://www.safesquid.com/html/kb.php?mode=article&k=14[/url]
[url]http://www.safesquid.com/html/kb.php?mode=article&k=15[/url]
Cheers
Seans
