Fantastic. This worked for me. thanks Chris and Amos for the replies. --Kiran On Tue, Jan 19, 2010 at 1:23 PM, Chris Robertson <crobertson@xxxxxxx> wrote: > kiran kumar wrote: >> >> Dear All, >> >> I'm trying to use "external_acl_type" with squid3-stable-19 to enforce >> user Authentication. I don't want to authenticate every request but >> have Squid talk to my policy framework before deciding either to >> authenticate or skip authentication for the request. The policy will >> be based on source-ip of the request. Is there a way to do this in >> Squid? I was hoping Squid to use the return value of external helper >> program to enforce authentication. >> >> I do not want to configure this statically in squid.conf as the >> policies keep changing.\ >> >> Thanks in Advance, >> >> Kiran >> > > I haven't tested it, but I think... > > http_access deny is_auth_needed !proxy_auth > http_access allow my_net > > ...where "is_auth_needed" is an external ACL that returns "OK" for IPs that > require authentication and "ERR" for those that don't and "proxy_auth" is a > standard authentication ACL would do just what you want. > > ACLs that comprise http_access rules are "ANDed" together, so if the first > test fails, further ACls are not checked. > > Chris > >
