On 13/11/10 03:21, Jim Moseby wrote:
Using Debian platform with 2.6.STABLE14, and am following the config
example found at
http://wiki.squid-cache.org/ConfigExamples/Portal/Splash
I cannot seem to make this work.
The config example says...
Paste the configuration file like this:
# mind the wrap. this is one line: external_acl_type session ttl=60
%SRC /usr/local/sbin/squid/squid_session -t 7200 -b
/etc/squid/session.db
acl new_users external session
deny_info http://example.com/splash.html new_users
http_access deny !new_users
For the Debian package I had to modify the path to squid_session,
else squid would not start. No big deal. Correct path for my system
was: /usr/lib/squid/squid_session
I also changed the deny_info target to a valid splash page on an
accessible server. I made sure that the splash page can be loaded by
any client if accessed directly.
...the config example then goes on to say...
"This is just the snippet of config which causes the splash page and
session to be enacted. Rules which permit the visitor use of the
proxy are expected to be placed as appropriate below them. The basic
default safety nets should as always be above them."
This seems a bit ambiguous for people who are new to squid (like me).
I have tried pasting the block of code in various places in my config
file, and it seems no matter where I put it, I get the same result
from IE: "The page cannot not displayed, Diagnose Connection
Problems".
Your config should have the http_access rules broken into three labeled
sections.
One labeled "Recommended minimum configuration" has the basic security
settings.
One labeled "INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR
CLIENTS" ... as it says.
and One labeled "And finally deny all other access to this proxy"
You can do almost anything you like in the middle section without
causing too much damage. Altering the others needs a bit of care.
Squid and AUTH works perfectly otherwise. Ideally, I want a splash
page that displays our AUP, and has a form for username and password.
Upon entering a valid username and password, acceptance of the AUP id
confirmed and access to the proxy is granted.
TIA! Jim
My squid.conf follows:
#----- SQUID 2.6.STABLE14 -----#
<snip>
#splash
external_acl_type session ttl=60 %SRC /usr/lib/squid/squid_session -t 7200 -b /etc/squid/session.db
acl new_users external session
deny_info http://proxy.efa.lan/aup.php new_users
http_access deny !new_users
http_access allow auth
http_access deny all
<snip all the safety controls, which have been placed after "deny all">
Strange. This should be working. It is almost exactly the config I have
in action at several wifi POPs which that page was written about.
* Check that the /etc/squid/session.db file permissions are open for the
squid effective user to read/write.
* Give it a try with a browser other than IE. They have diagnosis
tools which can show you which part of the transaction is failing and
details (firebug add-on for firefox or any of the webkit based browsers
have it built in).
What you should expect to see there is a GET request for page, reply
of 302 status and followup GET request for your deny_info URL.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.9
Beta testers wanted for 3.2.0.3
