Session helper with source IP as key

Kaustav Dey Biswas <kaustav_deybiswas@xxxxxxxxxxx> · Fri, 13 Mar 2009 14:16:01 +0530 (IST)

Hi,

I am trying to set up session helper with source IP as the lookup key, using squid-2.6.STABLE16-4.fc7. The relevant sections of my conf are:

#  TAG: external_acl_type
external_acl_type session ttl=10 negative_ttl=0 children=1 concurrency=200 %SRC /usr/lib/squid/squid_session -t 60

#  TAG: acl
# These are default ACLs
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT
# Custom ACLs go here...
acl session external session

#  TAG: http_access
# These are default rules
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Custom rules go here...
http_access deny !session
http_access allow localhost
http_access deny all

But the browser is giving Access Denied every time (saying that an ACL is configured to deny access). The cache.log says:

2009/03/13 13:52:51| aclCheck: checking 'http_access deny !session'
2009/03/13 13:52:51| aclMatchAclList: checking !session
2009/03/13 13:52:51| aclMatchAcl: checking 'acl session external session'
2009/03/13 13:52:51| aclMatchExternal: acl="session"
2009/03/13 13:52:51| aclMatchExternal: session("127.0.0.1") = lookup needed
2009/03/13 13:52:51| aclMatchAclList: no match, returning 0
2009/03/13 13:52:51| externalAclLookup: lookup in 'session' for '127.0.0.1'
2009/03/13 13:52:51| externalAclHandleReply: reply="ERR message="Welcome""
2009/03/13 13:52:51| external_acl_cache_add: Adding '127.0.0.1' = 0
2009/03/13 13:52:51| external_acl_cache_add: updating existing entry
2009/03/13 13:52:51| aclCheck: checking 'http_access deny !session'
2009/03/13 13:52:51| aclMatchAclList: checking !session
2009/03/13 13:52:51| aclMatchAcl: checking 'acl session external session'
2009/03/13 13:52:51| aclMatchExternal: acl="session"
2009/03/13 13:52:51| aclMatchExternal: session = 0
2009/03/13 13:52:51| aclMatchAclList: returning 1
2009/03/13 13:52:51| aclCheck: match found, returning 0
2009/03/13 13:52:51| aclCheckCallback: answer=0
2009/03/13 13:52:51| authenticateFixHeader: headertype:0 authuser:(nil)

But if I add authenticated username to the session key (& use an authenticator program), things are working fine. What am I doing wrong? None of the acls (including the external acl for session) are referencing authenticated username, but is it still required?

Thanks & Regards,
Kaustav

      Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/