On 31/01/2005, at 5:05 PM, Scott wrote:
On 31/01/2005, at 4:13 PM, Norio Korekawa wrote:
Hello,
I have a question on external_acl_type and I hope someone will kindly
give me comments or answers.
Firstly, my squid is Squid Cache: Version 2.5.STABLE1, I'm running
it on Red Hat Linux release 9 (Shrike) and the basic part of my
squid.conf is as follows:
--- my squid.conf ---
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
external_acl_type myacltype %LOGIN %SRC %DST %{Referer} %{User-Agent}
/usr/lib/squid/myaclhelper.pl
acl myacl external myacltype
acl user_auth_acl proxy_auth REQUIRED
http_access deny !user_auth_acl
I think this should be closer to
http_access allow user_auth_acl myacl
This way it is an AND statement as at the moment it is actually an OR
statement
This isn't really about this is it.. lmfao.. my bad.. just thought it
looked a little odd was all..
My apologies
http_access deny !myacl
http_access allow all
--- my squid.conf ---
My question is:
It seems that myaclhelper.pl is called by squid, every time new URL
is accessed, but is this correct action? I think it should not be
called, once myacl passes, that is, myaclhelper.pl returns "OK".
In fact, ncsa_auth seems not to be called, once HTTP basic
authentication
passes...
There is another option that specifies how long the helper caches it
data for....
external_acl_type myacltype ttl=600 %LOGIN %SRC %DST %{Referer}
%{User-Agent} /usr/lib/squid/myaclhelper.pl
Where 600 is the cached answer timer.
For testing I normally set it really low so that the responses are
almost real-time but in the real world this creates way too much
overhead.
I think my squid.conf has some problems, but I don't know what they
are...
Any answer would be appreciated.
Thanks in advance.
Norio
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. Please notify the sender immediately by email if you
have received this email by mistake and delete this email from your
system. Please note that any views or opinions presented in this email
are solely
those of the author and do not necessarily represent those of the
organisation. Finally, the recipient should check this email and any
attachments for the presence of viruses. The organisation accepts no
liability for any damage caused by any virus transmitted by this
email.