Hi everyone,
I'm having some troubles to understand how the acl process is working.
I'm trying to link a mySQL database to my squid in order to allow me
to setup some specific access rights according to some specific users
from different places to different websites.
What I did is an acl that will check the domain and the source_ip
external_acl_type ExternalisBad ttl=20 %SRC %DST /etc/squid3/external_bad
acl isBad external ExternalisBad
And I also created my own auth_param block
auth_param basic program /etc/squid3/sql_auth
auth_param basic children 20
auth_param basic realm Username and password
auth_param basic credentialsttl 1 minute
Now, when someone's trying to to access a website, this is what I do
http_access allow sql_auth isBad
It is working, but the thing is: it doesn't care about if the username
is linked to the %SRC Ip or not... So basically, if you have are
registered with full access rights in another place, you will be able
to access to all the content even if you're access is supposed to be
denied. Does that make sense ?
I added the %IDENT to the externcal_acl_type rule. Since the sql_auth
process is called before I was thinking that maybe the %IDENT would be
stored somewhere somehow and be accessible in the isBad acl right
away...
external_acl_type ExternalisBad ttl=20 %SRC %IDENT %DST /etc/squid3/external_bad
Apparently this is not working.
Does any one have any idea on how to do what I want to do ?
If you want me to be more specific, let me know!
Thank you so much Guys,
Julien
PS:
debian:/squid3 -v
Squid Cache: Version 3.0.STABLE8
configure options: '--build=i486-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3'
'--mandir=/usr/share/man' '--with-cppunit-basedir=/usr'
'--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,coss,diskd,null'
'--enable-removal-policies=lru,heap' '--enable-delay-pools'
'--enable-cache-digests' '--enable-underscores' '--enable-icap-client'
'--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,getpwnam,multi-domain-NTLM'
'--enable-ntlm-auth-helpers=SMB'
'--enable-digest-auth-helpers=ldap,password'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--with-filedescriptors=65536' '--with-default-user=proxy'
'--enable-epoll' '--enable-linux-netfilter'
'build_alias=i486-linux-gnu' 'CC=cc' 'CFLAGS=-g -O2 -g -Wall -O2'
'LDFLAGS=' 'CPPFLAGS=' 'CXX=g++' 'CXXFLAGS=-g -O2 -g -Wall -O2'
'FFLAGS=-g -O2'
