mayby I'm overlooking something, but is this post answered yet? I have the same problem as fobe: we want to generally disallow any sort of download to all users and allow only some special users to be able to download some specific sorts of files (for example: only download of product-updates allowed to domain-admins).
I've done this before with another firewall by manually editing the squid.conf. Is there any other way to do this with astaro? Does this interfere with activated surf-protection?
We're using astaro 3.212, surf-protection activated, http-authentication via NT-Domain.
this blacklist-filter-expressions seem to be absolutely the thing I need - will test it as soon as possible [:)]
Two other questions: First, ist there any documentation about the syntax-rules how to build these filters? Second: If I group my domain-workstations, do I have to pay attention on the ordering like in the paket-filter-rules? Can I (for example) define a rule for admins (are allowed to download some files) one for users (only special downloads) and a sort of "fallback-rule" (=my complete intranet) at the end to get the rest of workstations which are not defined as admins or users and which should not be able to download anything?
