You need to define and use ACLs of type proxy_auth; as per the page you linked:
Acl Type: proxy_auth
Description User authentication via
external processes. proxy_auth
requires an EXTERNAL authentication
program to check username/password
combinations (see authenticate_program
).
Usage acl aclname proxy_auth
username...
use REQUIRED instead of username to
accept any valid username
Example acl ACLAUTH proxy_auth usha
venkatesh balu deepa
This acl is for authenticating users
usha, venkatesh, balu and deepa by
external programs.
This way, Squid will authenticate the users using any authentication method you choose (you said this is already in place, so you should have no problem here), and then you will be able to filter access based on usernames.
Unfortunately, the fixed AND/OR logic of Squid's ACL list means that you can only implement an AND condition on the access line, not on the ACL line:
You've probably noticed (and been frustrated by) the fact that you cannot combine access controls with terms like "and" or "or." These operations are already built in to the access control scheme in a fundamental way which you must understand.
All elements of an acl entry are OR'ed together.
All elements of an access entry are AND'ed together
Is there some real reason you can't do it this way?
Best Answer
The documentation covers these situations...