On 01/10/11 06:18, 0xception wrote:
Hi,

So I'm attempting to set up squid to interact with a hotspot/portal system where squid uses deny_info to redirect users to a terms page. Once they log in their packets are marked and do not go through the proxy anymore. However, when I configure squid to use deny_info like below, it seems to cache the redirect in the user's browser. So for about 5-10 min after they have logged in and are no longer going through the proxy they still get redirected every time they attempt to go to that original requesting page.

cache deny all
... prevents Squid storing things itself. This is not usually a problem.
...
acl whitelist dstdomain "/etc/squid/domains.lst"
deny_info http://login.domain.com/ whitelist
http_access deny !whitelist

I've tried using a url_redirector script to handle the redirect and using 307 instead of a 302 code but both seem to be cached in the browser. Is there any way to force the browser to not cache the redirect? Or perhaps another way to go about this? Example use case below, thanks for any help/advice.
Interesting. The redirector methods should have worked. It is not bound to produce identical results on every request like dstdomain.
Example:
1. User opens web browser and requests http://xkcd.com
2. Request to http://xkcd.com is then redirected with an HTTP 302 code to Login page.
3. User authenticates and accepts terms and conditions
4. User requests http://xkcd.com again after authenticating. They are redirected back to the login page
dstdomain is a static ACL only re-loaded during squid startup. You update the whitelist and restart your whole Squid on every user login?
This is why external_acl_type ACLs are used for login splash pages and sessions. They are completely dynamic in input->output mapping with tunable TTL on the resulting action.
5. All other webpages and domains work as expected without problems.

Thanks,

Using squid 3.1.11
Overall, this is very strange. Squid does not send cache control details on generated 30x replies. So caching is not permitted. You can verify that with "squidclient http://xkcd.com/" to your Squid. It should look something like this:
### squidclient http://c.com/
HTTP/1.1 302 Moved Temporarily
Server: squid/3.HEAD-BZR
Mime-Version: 1.0
Date: Thu, 06 Oct 2011 11:50:49 GMT
Content-Type: text/html
Content-Length: 0
Location: http://login.domain.com/
X-Cache: MISS from troja0
Via: 1.1 troja0 (squid/3.HEAD-BZR)
Connection: close

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.15
  Beta testers wanted for 3.2.0.12
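
Added example, not part of the original thread and not Squid project code: a minimal external_acl_type helper of the kind the reply recommends for login splash pages, answering OK or ERR per client IP so the result can change without restarting Squid. The ACL names, helper path, TTL values and the session file with its "<ip> <expiry>" format are assumptions, and the helper expects to be run without the concurrency= option so each lookup line holds only the %SRC value.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: reply OK while the client IP has a live session.

Illustrative squid.conf wiring (ACL names, helper path and TTLs are assumptions):
  external_acl_type portal_session ttl=5 negative_ttl=0 %SRC /usr/local/bin/portal_session.py
  acl logged_in external portal_session
  http_access deny !logged_in
  deny_info http://login.domain.com/ logged_in
"""
import ipaddress
import sys
import time

# Assumption: the portal appends one "<client-ip> <expiry-epoch>" line per login.
SESSION_FILE = "/var/run/portal/sessions.txt"


def load_sessions(lines):
    """Parse session lines into {ip: expiry}; malformed lines are skipped."""
    sessions = {}
    for line in lines:
        parts = line.split()
        try:
            ip, expiry = str(ipaddress.ip_address(parts[0])), float(parts[1])
        except (IndexError, ValueError):
            continue
        sessions[ip] = expiry
    return sessions


def decide(request_line, sessions, now):
    """Return the reply for one lookup line carrying only the %SRC value."""
    fields = request_line.split()
    try:
        ip = str(ipaddress.ip_address(fields[0])) if len(fields) == 1 else None
    except ValueError:
        ip = None  # fail closed on anything that is not an address
    return "OK" if ip and sessions.get(ip, 0) > now else "ERR"


def main():
    for request_line in sys.stdin:  # Squid writes one lookup per line
        try:
            with open(SESSION_FILE) as fh:
                sessions = load_sessions(fh)
        except OSError:
            sessions = {}  # no session store: treat every client as logged out
        print(decide(request_line, sessions, time.time()), flush=True)


if __name__ == "__main__":
    main()
```

The ttl and negative_ttl values control how long Squid reuses a helper answer, so a short negative_ttl keeps a fresh login from being answered with a stale ERR.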