From owner-freebsd-questions@FreeBSD.ORG Mon Feb 11 22:07:23 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5D78316A41B for ; Mon, 11 Feb 2008 22:07:23 +0000 (UTC) (envelope-from crussell_1969@yahoo.com) Received: from web51612.mail.re2.yahoo.com (web51612.mail.re2.yahoo.com [68.142.224.85]) by mx1.freebsd.org (Postfix) with SMTP id E41E113C455 for ; Mon, 11 Feb 2008 22:07:22 +0000 (UTC) (envelope-from crussell_1969@yahoo.com) Received: (qmail 94598 invoked by uid 60001); 11 Feb 2008 21:40:41 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID; b=1y7rxCPMldAacJmxgnuAfop85LvFwWRWRTtT+aH7MrYjDSK9jEiBQlXLOHHtvbu/iGIRCg5vU2/svxz9NkScizu2+/eUn4/der3UJrUY/T31A1X4PwmMoZGgNal4VSKcrPTHq+FGSlILMEDTsQJMxAI+wCzUBUDyPSGJzmNRgzY=; X-YMail-OSG: uHXm9foVM1nig9S4J_dWjVfJZLWHAoZlcYLUCvSr70aBLn1x5ya7nSwSdixuvLShqRRp6cvmmw-- Received: from [75.69.84.253] by web51612.mail.re2.yahoo.com via HTTP; Mon, 11 Feb 2008 13:40:41 PST X-Mailer: YahooMailRC/818.31 YahooMailWebService/0.7.162 Date: Mon, 11 Feb 2008 13:40:41 -0800 (PST) From: Craig Russell To: freebsd MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Message-ID: <275062.93080.qm@web51612.mail.re2.yahoo.com> Subject: Authenticating proxy server with fine tuned controls X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Feb 2008 22:07:23 -0000 Hi- I am looking for an authenticating transparent proxy server with tiered access. ie, A user who logs into the proxy can access sites based upon group membership; group1 has unfettered access to the internet, group2 gets filtered access. Ideally, I'd like to be able to setup groups for various sites and add/subtract users to allow access to various internal sites. As a diagram, I'd like to do this: Group1:Unfettered access to internet Group2:Filtered access to internet Group3:Access to internal website x Group4:Access to internal website y If user1 is in Group1 and Group3 they can access the internet and internal website x If user2 is in Group2 they can only access filtered websites. If user3 is in Group2 and Group4 they get filtered internet access and access to internal website y Is their an open-source or commercial product that provides for this type of granular control of access? I've setup squid with authentication before, although it was several years ago, but I didn't need to have that granular of a control set. Thanks, Craig