Ok... so would it be possible to also pass the %SRCPORT variable to squid_session in addition to %SRC as this will probably be unique in most cases ? Thanks Adam -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: 03 November 2009 11:44 To: Adam Binks Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Squid & squid_session tis 2009-11-03 klockan 09:55 +0000 skrev Adam Binks: > >>external_acl_type session ttl=0 negative_ttl=0 children=10 concurrency=200 %SRC /usr/local/squid/libexec/squid_session -t 30 > > I assume the %SRC variable in the above string is what the session is based on. > > Is there away to add some other uniqueness or variable to allow squid to differentiate between the real end users ? The problem is that the NAT removes the available per-user uniqueness, making them all look the same to Squid. So only if you could figure out what that uniqueness would be. Needs to be something that uniquely identifies the user to Squid. %SRC (client source IP) is used in the example for squid_session, as this is easily identified as an unique identifier in non-NAT:ed client station networks. Regards Henrik
