in a LAN with Windows clients and Linux servers (on a domain controlled
by a Samba PDC) I would like to configure the following:
- any client has access to Internet, both web and email;
- only outbound transfers (any kind: HTTP, FTP, SMTP...) larger than
size X are blocked, and the failed attempt is logged; nothing else is
blocked or logged;
- some particular users have no limits, no transfers are blocked for
What would you suggest?
Of course, I can live with it if I'm forced to change some requirements,
e.g. if I necessarily have to log everything.
Trying to accomplish all this, I started with squid. It can authenticate
against the Samba database, and it should be able to block outbound
transfers larger than X bytes thanks to the request_body_max_size
parameter (if I correctly recall its name), but it's a global setting,
it is applied to all users, and it's not what I need.
Then it also cannot be used for POP/SMTP.
Maybe I could use the "acl aclname req_header..." directive to
selectively check the HTTP request size?
And maybe I could use Postfix for SMTP filtering?
I could try with a SOCKS proxy like dante, but I think it does not have
the authentication and flitering features I need.
Any info is appreciated. Thanks.