Squid 3.1.0.17 Ok, I'm able to get some of this working right... Although it's not quite what I expected for results. My config is below... First, I think since I have myserver in the acl then the AUP page doesn't display if the user has their home page set to "http://www.myserver.com";. Secondly, when one computer gets the AUP subsequent computers will not be prompted with the AUP. The first computer to attempt to get to the internet gets the AUP all the others do not. Of course, resetting squid frees up the cache and then the first user after the restart will be prompted. My assumption in reading is that the %SRC is supposed to key the session identifier for the IP address of the requesting user. I did notice the following in my logs and I wonder if this could be my issue: 30/Mar/2010,14:56:08, 220,127.0.0.1,TCP_MISS/200,3150,GET,http://www.google.com/firefox?,-,DIR ECT/208.69.36.231,text/html Shouldn't my workstation show as the true IP address and not localhost (127.0.0.1)? I am running dansguardian on this server but that should be taking place after my connection. It would make sense that the first workstation authenticating with 127.0.0.1 would authorize in this case... If this is what my problem is, why is localhost showing instead of the real IP address? The dansguardian log does show the correct IP address... Oh wait... I'm connecting to 8080 which is dansguardian which forwards to squid @ 3128... oh my... How am I going to fix this? The docs for squid_session (http://linuxreviews.org/man/squid_session/) State: "http://your.server/bannerpage to display a session startup page and then redirect the user back to the requested URL given in the url query parameter." I can't seem to figure out what to do on the AUP html page. Is there anything additional I need to do or just forward the user on? (I've played around with the negative_ttl a bit; if I set it to say 300, then I cannot progress pass the AUP.) acl to_localbox dst 192.168.80.5/32 acl myserver dst 64.8.132.1/32 external_acl_type session ttl=300 children=20 negative_ttl=10 concurrency=200 %SRC /usr/lib/squid/squid_session -t 3600 acl session external session acl localnet src 192.168.80.0/23 http_access allow myserver (this is my webserver that I want to allow unrestricted access to) http_access allow to_localbox (since I have an AUP html file on this web server; allow access) deny_info http://192.168.80.5/index.html?url=%s session (sets up the session html page; redirect connection here) http_access deny !Safe_ports (default config from squid; it is defined I just didn't cut and paste the ACL for it) http_access deny !session ( if you don't have a session defined then no way; you're stuck) http_access allow session http_access deny all
