On 31/01/2005, at 4:13 PM, Norio Korekawa wrote:
Hello,
I have a question on external_acl_type and I hope someone will kindly give me comments or answers.
Firstly, my squid is Squid Cache: Version 2.5.STABLE1, I'm running it on Red Hat Linux release 9 (Shrike) and the basic part of my squid.conf is as follows:
--- my squid.conf --- auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours
external_acl_type myacltype %LOGIN %SRC %DST %{Referer} %{User-Agent} /usr/lib/squid/myaclhelper.pl
acl myacl external myacltype
acl user_auth_acl proxy_auth REQUIRED http_access deny !user_auth_acl
I think this should be closer to
http_access allow user_auth_acl myacl
This way it is an AND statement as at the moment it is actually an OR statement
There is another option that specifies how long the helper caches it data for....http_access deny !myacl http_access allow all --- my squid.conf ---
My question is:
It seems that myaclhelper.pl is called by squid, every time new URL
is accessed, but is this correct action? I think it should not be
called, once myacl passes, that is, myaclhelper.pl returns "OK".
In fact, ncsa_auth seems not to be called, once HTTP basic authentication
passes...
external_acl_type myacltype ttl=600 %LOGIN %SRC %DST %{Referer} %{User-Agent} /usr/lib/squid/myaclhelper.pl
Where 600 is the cached answer timer.
For testing I normally set it really low so that the responses are almost real-time but in the real world this creates way too much overhead.
I think my squid.conf has some problems, but I don't know what they are...
Any answer would be appreciated. Thanks in advance. Norio
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Please note that any views or opinions presented in this email are solely
those of the author and do not necessarily represent those of the organisation. Finally, the recipient should check this email and any attachments for the presence of viruses. The organisation accepts no liability for any damage caused by any virus transmitted by this email.