On Tue, 8 Feb 2005, Lasse Laursen wrote:
external_acl_type my_app negative_ttl=120 ttl=120 children=75 %SRC %{User-Agent} %{Cookie} /path/to/my_app.pl
The check is rather database intensive so once we have allowed/denied a user access we would like to limit the number of further requests on our acl programs for the amount of time specified in the TTL paramerer for this particular user (prevent him from hammering our databases with reloads, etc.) - eg. the user gets an OK and this user is allowed access through the proxy for 120 seconds without any further calls to our acl program - similar scenario for the users that gets an ERR message.
So I was wondering - exactly how does Squid (3.0-PRE3 in our case) identify a user? Is it {IP, agent} or exactly how is the unique user identified again by the proxy server?
User is irrelevant to the above acl.
Your external_acl type looks into "%SRC %{User-Agent} %{Cookie}" (plus any additional keywords eventually specified in the acl referring to this type). Each unique combination of these is sent to your helper and the result is cached for the specified TTL.
Regards Henrik