====== Authorizing access to resources through SQUID ======

===== Authorization based on workstation IP address =====

==== Debian/Ubuntu ====

<code>
gate# cat /etc/squid/deny_hosts.txt
</code>
<code>
ok\.ru
vk\.com
</code>
<code>
gate# cat /etc/squid/permit_hosts.txt
</code>
<code>
microsoft\.com
</code>
<code>
gate# cat /etc/squid/squid.conf
</code>
<code>
...
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

acl our_networks src 192.168.X.0/24
acl our_pppoe_networks src 192.168.100+X.0/24
acl big_boss src 192.168.113.100 192.168.100+X.101

acl deny_hosts url_regex "/etc/squid/deny_hosts.txt"
acl permit_hosts url_regex "/etc/squid/permit_hosts.txt"

# order is important
http_access allow big_boss
http_access allow our_pppoe_networks !deny_hosts
http_access allow our_networks permit_hosts
...
</code>
<code>
gate# squid -k check

gate# squid -k reconfigure
</code>

===== Authorization based on user name =====

<code>
gate# cat /etc/squid/conf.d/my.conf
</code>
<code>
...
#acl inetuser proxy_auth REQUIRED
#acl inetuser proxy_auth user1@CORP13.UN user2@CORP13.UN
acl inetuser proxy_auth_regex "/etc/squid/group1.acl"

http_access allow inetuser
</code>

===== Authorization based on group membership =====

==== For file, nis, ldap authorization ====

<code>
gate# getent group group1 | cut -f4 -d: | tr "," "\n" | tee /etc/squid/group1.acl

gate# squid -k reconfigure
</code>

==== For winbind authorization ====

<code>
gate# ntlm_auth --username=user1 --require-membership-of=CORPX\\group1
</code>
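The list that `getent group group1 | cut -f4 -d: | tr "," "\n" | tee /etc/squid/group1.acl` writes above is read by `proxy_auth_regex` as unanchored regular expressions, so `user1` also matches `user10` and the dot in `user2@CORP13.UN` matches any character. The following added example (not part of the original page) escapes and anchors each member; the function names `group_to_acl` and `acl_matches`, the sample group line, and the use of `grep -E` to approximate Squid's matching are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): build an anchored user list
# for "acl inetuser proxy_auth_regex" from a getent group line.

# stdin:  one line "name:passwd:gid:member1,member2,..."
# stdout: one regex per member, metacharacters escaped, anchored with ^ and $
group_to_acl() {
    cut -d: -f4 |
    tr ',' '\n' |
    sed -e '/^$/d' \
        -e 's/[][\.*^$+?(){}|]/\\&/g' \
        -e 's/.*/^&$/'
}

# Approximate Squid's matching with grep -E (assumption: both perform a
# POSIX extended regex search). Returns 0 if the name matches any pattern.
acl_matches() {
    printf '%s\n' "$1" | grep -Eq -f "$2"
}

# Constructed sample input; on the gateway this would be: getent group group1
SAMPLE='group1:x:1001:user1,user2@CORP13.UN'

raw=$(mktemp) && anchored=$(mktemp) || exit 1
printf '%s\n' "$SAMPLE" | cut -f4 -d: | tr ',' '\n' > "$raw"   # page's pipeline
printf '%s\n' "$SAMPLE" | group_to_acl > "$anchored"           # hardened list

# Compare both lists for group members and for look-alike names
for u in user1 user10 user2@CORP13.UN user2@CORP13xUN; do
    if acl_matches "$u" "$raw"; then r=allow; else r=deny; fi
    if acl_matches "$u" "$anchored"; then a=allow; else a=deny; fi
    printf '%-18s raw=%-5s anchored=%s\n' "$u" "$r" "$a"
done
rm -f "$raw" "$anchored"
```

On the gateway the function replaces the `cut | tr` stage: `getent group group1 | group_to_acl | tee /etc/squid/group1.acl`, followed by `squid -k reconfigure`.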