


Perhaps the most useful of these is pam_auth which uses the pluggable authentication module architecture. That’s not usually a problem though.ġ3 Authenticators Authenticators are also simple programs that read from STDIN and write to STDOUT./sampleauthenticator guy notmypassword ERR ghalse mypassword guy mypassword OKġ4 Authenticators Squid comes with a lot of authenticators out-the-box: smb, ldap, pam, unix, ntlm, yp/nis, etc. Like redirectors, you can only have one authenticator.

This lets you force your clients to supply a username and password before granting them access – good for public access computers. You can only have one redirector, so you have to think carefully what you want to do with itġ2 Authenticators Authenticators are external programs that define how the proxy_auth ACL works. There are lots of open-source packages that do this, for example AdZapper ( Advert blocking saves bandwidth but is controversial because many sites rely on advertising for revenue.ġ1 Redirectors Redirectors offer a lot of control over content BUT ac.uk http_access deny PUBLICLAB WORKHOURS !ACADEMIC http_access allow PUBLICLABĨ Redirectors Redirectors allow us to re-write URLs before we fetch themįor instance, we could rewrite a popular site to a local mirror: →ĩ Redirectors Redirectors are simple programs and can be easily customised: And added to Squid: #!/usr/bin/perl –w while () redirect_program /usr/local/bin/myredirector redirector_access allow allġ0 Redirectors Redirectors are commonly used to block adverts on web pages. acl PUBLICLAB src /21 acl WORKHOURS time MTWTF 08:00-17:00 acl ACADEMIC dstdomain. All student public labs are only allowed to access academic sites during working hours. ac.za http_access deny all !RHODESIP !RHODESDNS http_access allow ACZADEST http_access deny allĦ Access Control Lists But in reality have a lot more flexibilityĪcl ACLNAME keyword where keyword is one of: arp srcdomain, dstdomain, src, dst time url_regex, url_path, urllogin, port, proto, method brower, referer_regex proxy_auth, proxy_auth_regex, ident, ident_regex src_as, dst_as req_mime_type, req_header, rep_mime_type, rep_header myip, myport externalħ Access Control Lists Which allows us to write rich rule sets to match our needs e.g. You can download it for free atĪccess Control Lists Redirectors Authenticators Delay Pools We’ll talk about each of these in turn, and then look at some examples that show how they can all fit togetherĥ Access Control Lists Traditionally used to define who can access what … acl all src / acl RHODESIP src /16 acl RHODESDNS srcdomain. It’s the open-source equivalent of products like Novell’s BorderManager, Microsoft’s ISAS, and Cisco’s ACNS. 1 Bandwidth Management with the Squid Caching Proxy Server
