Авторизация доступа к ресурсам через SQUID
Авторизация на основе IP-адреса рабочей станции
Debian/Ubuntu
gate# cat /etc/squid/deny_hosts.txt
.*ok\.ru.*
.*vk\.com.*
gate# cat /etc/squid/permit_hosts.txt
.*microsoft\.com.*
gate# cat /etc/squid/squid.conf
...
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# X in the addresses below is a placeholder for the site-specific subnet
# number; substitute it before running "squid -k check".
#
# src ACLs match on the client's source IP address only. They identify a
# workstation, not the person using it, so they are only as trustworthy as
# address assignment on the LAN.
acl our_networks src 192.168.X.0/24
acl our_pppoe_networks src 192.168.100+X.0/24
acl big_boss src 192.168.113.100 192.168.100+X.101
# url_regex tests every pattern from the file against the whole request URL.
# The patterns shown on this page (e.g. .*microsoft\.com.*) are unanchored,
# so they match that string anywhere in the URL, path and query included,
# not only in the host name. For permit_hosts this makes the allow-list wider
# than the domain it names; a dstdomain ACL (.microsoft.com) or a regex
# anchored to the host part is stricter.
# NOTE(review): for HTTPS requests made with CONNECT the ACL presumably sees
# only host:port unless TLS interception is configured - confirm on the
# deployed version.
acl deny_hosts url_regex "/etc/squid/deny_hosts.txt"
acl permit_hosts url_regex "/etc/squid/permit_hosts.txt"
# http_access rules are checked top to bottom and the first match decides.
# big_boss is allowed before deny_hosts is consulted, so the block list does
# not apply to those two addresses.
http_access allow big_boss
# PPPoE clients: everything except URLs matching deny_hosts.
http_access allow our_pppoe_networks !deny_hosts
# Plain LAN clients: only URLs matching permit_hosts.
http_access allow our_networks permit_hosts
# NOTE(review): requests matching none of the rules above fall through to
# whatever follows in the elided part of the file; this presumably relies on
# a closing "http_access deny all" - confirm it is present.
...
gate# squid -k check
gate# squid -k reconfigure
Авторизация на основе имени пользователя
FreeBSD
[gate:~] # cd /usr/local/etc/squid/
Ubuntu
root@gate:~# cd /etc/squid/
FreeBSD/Ubuntu
gate# cat squid.conf
...
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
...
# Exactly one of the "acl inetuser" variants below has to be uncommented.
# As shown, all of them are commented out, so "http_access allow inetuser"
# refers to an ACL that is not defined in this excerpt.
# NOTE(review): proxy_auth ACLs need an authentication scheme set up with
# auth_param; that part of squid.conf is not shown here - confirm it exists.
#
# Access for all successfully authenticated users
#acl inetuser proxy_auth REQUIRED
# Access for users from list
#acl inetuser proxy_auth user1@CORPX.UN user2@CORPX.UN ...
# Access for users from file
# proxy_auth_regex treats every line of the file as a regular expression and
# matches it unanchored, so a bare name such as user1 also matches user10 or
# xuser1, and "." in a name matches any character. Anchor the entries
# (e.g. ^user1(@|$)) or use proxy_auth with the same file for exact matching.
# NOTE(review): the first path is under /etc/squid3/, while the Ubuntu steps
# on this page work in /etc/squid/ - confirm the path matches where
# group1.acl is actually written.
#acl inetuser proxy_auth_regex "/etc/squid3/group1.acl"
#acl inetuser proxy_auth_regex "/usr/local/etc/squid/group1.acl"
http_access allow inetuser
# Final catch-all: any request not allowed by an earlier rule is refused.
http_access deny all
...
Авторизация на основе членства в группе
Для file, nis, ldap авторизации
gate# getent group group1 | cut -f4 -d: | tr "," "\n" > group1.acl
gate# squid -k reconfigure
Для winbind авторизации
gate# ntlm_auth --username=user1 --require-membership-of=CORPX\\group1