[squid-users] Deny page redirection to a procedure: HOWTO?

From: Davide Marzaloni <[email protected]>
Date: Thu, 7 Oct 2004 10:57:40 +0200

Hi.
Actuall I run squid release 'squid-2.5.STABLE6-20040907' and not using
squidguard (squid.conf manually edited).
I defined the following acl types:

A. acl xxxwordssites url_regex
"/usr/local/squid/etc/acls/not_allowed/not_allowed_porn_words" # WORD BASED
applied to all users BLACK list
B. acl xxxsites dstdomain
"/usr/local/squid/etc/acls/not_allowed/not_allowed_porn_sites" # domain
based applied to all users BLACK list
C. acl dstd2all dstdomain
"/usr/local/squid/etc/acls/allowed/allowed2all_domains" # domain based
applied to all users WHITE list
D. acl dstd2hrg dstdomain
"/usr/local/squid/etc/acls/allowed/allowed2hrg_domains" # domain based
applied to HRG group WHITE list
E. acl hrg proxy_auth "/usr/local/squid/etc/groups/hrg" # acl defining HRG
group membership (the file hrg contains valid authenticated usernames)

Following there are
- 'applied to all httpd_access' directives:
http_access deny xxxsites (deny xxx sites to all)
http_access deny xxxwordssites (deny sites with xxx words to all)
http_access allow dstd2all (allow domains in
/usr/local/squid/etc/acls/allowed/allowed2all_domains to all)

- 'applied to specific groups http_access' directives that link the D-type
acl to the E-type:
http_access allow dstd2hrg hrg

And obviously, as final,
http_access deny all

My goal is the following: when a selected group of users (say an other acls
named 'privileged': acl privileged "/usr/local/squid/etc/groups/privileged")
is attempting to get a not allowed web sites (a suspected porn site, or,
generally speaking, a not allowed domain), a web page should tell him/her
that the administrative policies not permit this operation (and this could
be simply done, replacing the error page), BUT if he/she press a
button/click on a link (preceded by some warnign abount logging and mail
alerting, telling the administrator about the following operation), this
could be overrided and the resource can be reached anyway.

Maybe a redirector can do this?

My problem is not replacing the error page (obviously editing the HTML
code), but build a customized error page, giving the user the chance to
'bypass' the controll, clicking on a link, containing the original URL
requested.

Maybe instead of

http_access deny xxxsites

a command like

http_access CONDITIONLY_REDIRECT_to_SOMEWHERE xxxsites

could be useful... :-)

Is there anyone with the same problem, that found a solution or started to
study it, with whom I could work?

Thanks in advance

Davide
Received on Thu Oct 07 2004 - 02:57:50 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:01 MST