Salutations,

On Sun, Oct 23, 2011 at 2:57 AM, Amos Jeffries wrote:
> It has passed the criteria for acceptance. I just have not yet had time to
> commit. It should be on its way in a few hours.

I'm guessing this is the commit you were talking about, right?
squid-3.2.0.13-20111023-r11381 23 Oct 2011

On Sat, Oct 22, 2011 at 5:08 PM, Andrew Beverley wrote:
> It will actually have the opposite effect. If the ACL is matched then
> your user never actually gets to the ACL that forces the client IP
> address to be "logged in" to the session helper. So, for starters, I
> would remove those rules. However...

Ok, I commented those out.

> I should have said, you also need to add a LOGIN command to the initial
> challenge:
>
> 10 192.168.235.136 LOGIN
>
> then
>
> 10 192.168.235.136

10 192.168.235.136 LOGIN
10 OK message="Welcome"
10 192.168.235.136
10 OK
10 74.125.39.138 ---- google's IP, thought I could experiment.
10 ERR message="Welcome"

>> > I suspect that the actual problem is a sync problem when running
>> > multiple session helpers (they cache the database individually). This
>> > problem is fixed with an upgrade to a newer Berkeley DB version in
>> > version 1.2 of the session helper, currently waiting acceptance into
>> > trunk. In the meantime the patch is available here:
>> >
>> > http://www3.us.squid-cache.org/mail-archive/squid-dev/201110/0116.html
>> >
>> > Andy
>> I'm having trouble applying the patch.
>
> For some reason it doesn't seem to apply from the root source directory.
> Try changing to the helpers/ directory and applying from there (with the
> -p1 switch). It won't patch one of the man pages, but I'm sure you can
> live without that.

I managed to apply the patch but didn't get anywhere, so I also compiled
squid-3.2.0.13-20111023-r11381, which seems to me (based on the date of
commit) to contain the patch.

sbin/squid -v
Squid Cache: Version 3.2.0.13-20111023-r11381

Currently, the squid.conf looks like this:

external_acl_type session_LOGIN_master concurrency=100 ttl=2 %SRC /usr/local/squid/libexec/ext_session_acl -T 30 -b /usr/local/squid//lib/session.db -a
acl session_LOGIN external session_LOGIN_master LOGIN
external_acl_type session_ACTIVE_master concurrency=100 ttl=2 %SRC /usr/local/squid/libexec/ext_session_acl -T 30 -b /usr/local/squid/lib/session.db -a
acl session_is_ACTIVE external session_ACTIVE_master
acl clicked_login_url url_regex -i http://192.168.235.136/check.html
http_access allow clicked_login_url session_LOGIN
http_access deny !session_is_ACTIVE
deny_info http://192.168.235.136/splash.html session_is_ACTIVE

The behavior I get, and which I can always reproduce, is the following:

* start squid
** GET http://192.168.235.136/check.html
*** browse happily for 30 seconds.
**** Unable to GET any other page after 30 seconds, even if accessing
     http://192.168.235.136/check.html

& log:

TCP_MEM_HIT/200 372 GET http://192.168.235.136/check.html - HIER_NONE/- text/html
TCP_DENIED/302 355 GET http://www.google.co.uk/
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
(and so on for another 100+ requests)
TCP_MEM_HIT/200 392 GET http://192.168.235.136/splash.html

BTW, how can I find out what version the session helper is?

Cheers.
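
Added example, not part of the original message and not Squid code: a small check that reads the deny_info targets from a squid.conf and reports when the access log shows those same URLs answered with TCP_DENIED/302 several times in a row, the pattern visible in the log above. The function names are hypothetical, and the sample configuration and log are constructed from the lines quoted in the message, in the same trimmed log form.

```python
import re

# Trimmed "RESULT/STATUS SIZE METHOD URL" form, as quoted in the message above.
LINE_RE = re.compile(r"(TCP_[A-Z_]+)/(\d{3})\s+\d+\s+[A-Z]+\s+(\S+)")

# Constructed sample input, copied from the directives and log lines in the message.
SAMPLE_CONF = """\
acl session_is_ACTIVE external session_ACTIVE_master
http_access deny !session_is_ACTIVE
deny_info http://192.168.235.136/splash.html session_is_ACTIVE
"""
SAMPLE_LOG = """\
TCP_MEM_HIT/200 372 GET http://192.168.235.136/check.html - HIER_NONE/- text/html
TCP_DENIED/302 355 GET http://www.google.co.uk/
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_MEM_HIT/200 392 GET http://192.168.235.136/splash.html
"""

def deny_info_urls(conf_text):
    """Collect the redirect URLs of URL-style deny_info directives."""
    urls = set()
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out directive
        parts = line.split()
        if len(parts) == 3 and parts[0] == "deny_info" and "://" in parts[1]:
            urls.add(parts[1])
    return urls

def redirect_loops(conf_text, log_text, min_run=2):
    """Map each deny_info URL to its longest run of consecutive
    TCP_DENIED/302 answers, keeping only runs of at least min_run."""
    targets = deny_info_urls(conf_text)
    longest, current = {}, {}
    for result, status, url in LINE_RE.findall(log_text):
        if url not in targets:
            continue  # requests for other URLs do not interrupt a run
        if result == "TCP_DENIED" and status == "302":
            current[url] = current.get(url, 0) + 1
            longest[url] = max(longest.get(url, 0), current[url])
        else:
            current[url] = 0  # the page was served, so the run ends
    return {u: n for u, n in longest.items() if n >= min_run}

if __name__ == "__main__":
    for url, run in redirect_loops(SAMPLE_CONF, SAMPLE_LOG).items():
        print(f"{url}: denied and redirected {run} times in a row")
```
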