> I am using Dansguardian to determine if something is porn, and
> I modified it to set a header (X-Naughty and X-Naughty-Why)
> so that the page would still go through, but squid should be
> able to identify it as naughty.
> The way I envision it working is, people can browse freely and
> unlogged until they get a page that dansguardian blocks, at
> which time they are sent to a login page (probably php here)
> that authenticates them to the network (using whatever method
> your network uses), then sends the username/ip pair to squid
> and is put in the struct.
If you're willing to sacrifice transparent proxying (replace with
auto-config script) and have found a way to match that header
with a Squid acl, you could save yourself some major work.
1) Setup an acl that matches the header
acl Naughty ...
2) Setup basic authentication by NCSA, LDAP, or whatever
auth_param basic ...
acl Login proxy_auth REQUIRED
3) Setup your http_access like this:
http_access allow !Naughty
http_access allow Naughty Login
It will only prompt for authentication for Naughty sites. You can
then filter the logs looking for an entry (instead of -)in the user
field.
Adam
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001Received on Tue Aug 05 2003 - 06:34:15 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:36 MST