--- Goode <Goodeg@admin.chsc.cheshire.sch.uk> wrote:
It appears that the school has probably got the caching and firewall on the same machine. I don't run a Linux box as a proxy but have an ISA box on an AD domain (approx 300 machines and 1300 users). The server is multihomed with an internal and external interface. Access is only permitted through the ISA server if both the user and the station the user is using are in the correct groups. We have another group that is www-disabled that overides the other two. The permissions are set at the access policy level, but can be tied down to a particular protocol, etc. I am sure the same can be done with a Linux Proxy.
Yes, it could. Squid has support for limited ACLs, although squid coupled with SquidGuard is probably the better way to go. Doubtless some people here will advocate the use of 'censornet' -- this too will do what you want.
The benefits of the above is that the user cannot bypass the proxy to get access to the Internet, and the same settings apply to all applications.
That "benefit" is more a characteristic of *having* the appropriate technologies in place and configured -- it's not a benefit specific to a certain application. Please also refrain from top-posting. -- Thomas Adam "The Linux Weekend Mechanic" -- http://linuxgazette.net "TAG Editor" -- http://linuxgazette.net "<shrug> We'll just save up your sins, Thomas, and punish you for all of them at once when you get better. The experience will probably kill you. :)" -- Benjamin A. Okopnik (Linux Gazette Technical Editor) ___________________________________________________________ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com