> Amos Jeffries wrote: >>> Quick question for you all. Would it be possible to use squid, in >>> part, >>> as a Terms of Service portal? In other words, using an external_acl >>> helper, return OK if IP/MAC has accepted, or redirect if not? I would >>> love to use the wccpv2/gre tunnel and the fault tolerance built in to >>> eliminate a failure point by using a bridged or router acl solution. >>> I've played around with PFSense and M0n0wall and they don't really work >>> with our network/dhcp structure. We serve two different wireless >>> technologies and vlaning kills any of these options. We want only new >>> customers to get caught, but all customers to pass through in the event >>> of hardware failure. I looked at a solution FrontPorch offers and it's >>> pretty slick. They have both an inline and passive solution. The >>> inline uses a proprietary NIC that has a solenoid that trips in the >>> event of a hardware failure creating a hardwire connection. The >>> passive >>> solution somehow uses communication with the router to redirect. They >>> mirror tcp traffic and I don't know what else. Anyway, I got a little >>> long winded there. Any thoughts? Thanks guys.. >>> >>> Tony >>> >>> >> >> >> Theoretically yes. You will need to test and see if it works for you in >> practice. >> >> The problem is that the tcp_outgoing_tos selection ACL in Squid can only >> work from cached external_acl results. (It would require a small re-code >> of the outbound connection pathway to alter that). >> BUT, the external ACL can be used in http_access to permit access into >> squid at the point of receiving. So the result can be cached by that >> lookup. >> >> For src-IP its just peachy. For MAC the machines need to be directly on >> the same switch or arp-relay enable across the network, for ARP lookups >> to >> work. >> >> Amos >> > > I think what the requester is looking for (not so much prioritization of > traffic, but getting each user to acknowledge an Acceptable Use Policy, > or the like) is better provided by the session helper . > > The session helper is included with the Squid source. > > Chris > Aye. now that you mention it... Amos
