kiran kumar wrote:
Dear All,
I'm trying to use "external_acl_type" with squid3-stable-19 to enforce
user Authentication. I don't want to authenticate every request but
have Squid talk to my policy framework before deciding either to
authenticate or skip authentication for the request. The policy will
be based on source-ip of the request. Is there a way to do this in
Squid? I was hoping Squid to use the return value of external helper
program to enforce authentication.
I do not want to configure this statically in squid.conf as the
policies keep changing.\
Thanks in Advance,
Kiran
I haven't tested it, but I think...
http_access deny is_auth_needed !proxy_auth
http_access allow my_net
...where "is_auth_needed" is an external ACL that returns "OK" for IPs
that require authentication and "ERR" for those that don't and
"proxy_auth" is a standard authentication ACL would do just what you want.
ACLs that comprise http_access rules are "ANDed" together, so if the
first test fails, further ACls are not checked.
Chris
