Thanks for you help. I think I almost got it--but it is not working -- yet.
I created the file ident.sh and made it executable (777) and added these lines to squid:
external_acl_type propel_header_auth %{Hdr:member} /etc/squid/ident.sh x-pun:user
acl propel_header_auth ident REQUIRED
Am I all wet?
Ryan Lamberton
----- Original Message ----- From: "Henrik Nordstrom" <hno@xxxxxxxxxxxxxxx>
To: "Ryan Lamberton" <ryan@xxxxxxxxxxxx>
Cc: "Henrik Nordstrom" <hno@xxxxxxxxxxxxxxx>; <squid-users@xxxxxxxxxxxxxxx>
Sent: Saturday, May 07, 2005 3:11 AM
Subject: Re: [squid-users] external_acl_type with http request header question
On Fri, 6 May 2005, Ryan Lamberton wrote:
hmm... is there an example of a "silly helper" out there I can use/modify?
In this case as all you need it to echo the username back to Squid the following suffices:
#!/bin/sh while read user; do echo OK user=$user done
And will the Ident acl "set" the username the same way the proxy_auth does so my filtering program can identify the username?
Yes.
Why should I disable client side persistent connections?
Because of the ident association of the external acl returned username in Squid-2.5. ident is connection oriented, meaning all requests on this connection will inherit the username.
This is fixed in Squid-3.0, where this mechanism of having external acls returning a username is more obvious.
Regards
Henrik
