Hi Amos and thanks for your response,
I have a database of users that can be both users IP (192.168.1.0/24) as standard (juan manuel, owners, etc).
Besides, I have for those users a set of rules that regulate their navigation.
The following configuration for redir_program works ok for me.
---------------------------------------------------------------------------
auth_param basic program myauthdb
auth_param basic children 10
auth_param basic realm Test
auth_param basic credentialsttl 2 hours
acl pass proxy_auth REQUIRED
external_acl_type notauth children=10 ttl=0 %SRC notauth
acl bypass_auth external notauth
redirect_program redirector.pl
redirect_rewrites_host_header on
redirect_children 70
acl Restrictivo src 10.0.0.0/8
http_access allow bypass_auth
http_access allow Restrictivo pass
-----------------------------------------------------------------------------
The program notauth takes the parameter %SRC internally and verify if user IP exists in the system. To be positive
returns OK and ignore authentication. In that case the redirect_program receives the authenticated user "-" and internally
takes the user such as IP.
What I want to do is this the same but with external acl. The fallowing configuration don´t work for me.
-----------------------------------------------------------------------------
auth_param basic program myauthdb
auth_param basic children 10
auth_param basic realm Test
auth_param basic credentialsttl 2 hours
acl pass proxy_auth REQUIRED
external_acl_type notauth children=10 ttl=0 %SRC notauth
acl bypass_auth external notauth
external_acl_type redirprogram children=30 concurrency=10 ttl=300 %URI %SRC %LOGIN %METHOD redirector.pl
acl redir external redirprogram
http_access allow bypass_auth redir
http_access allow pass redir
http_access allow redir
# And finally deny all other access to this proxy
http_access deny all
deny_info ERR_FILTER_DENIED redir all
-----------------------------------------------------------------------------
I added the acl notauth return OK user=IP, the idea is that the acl redir assume %LOGIN as the IP. It does't works for me.
The operation is required to be with an external acl to write in the log with the label %ea.
The acl redirect_program does not support sending something to the log.
I hope you understand what I want to do, and if exist a way to do it?.
Sorry for the inconvenience and for my English.
----- Original Message -----
From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxx
Sent: Tuesday, November 22, 2011 2:56:39 PM
Subject: Re: %login in ACL without autentication configured
On 23/11/2011 3:04 a.m., Luis Enrique Sanchez Arce wrote:
> I try to configure external acl without autentication configured
>
> external_acl_type redirprogram children=30 concurrency=10 ttl=300 %URI %SRC %LOGIN %METHOD redir
>
> If i use the acl redir_program and the autentication is not configured the user logged is "-"
>
> How can i do that with external acl. I need use external acl to modified the entry log with %ea variable.
>
> Best regard,
> Luis
>
%LOGIN is for passing the autentication helper credentials to the
external ACL helper. Doing a full login if needed.
For extenral ACL to produce credentials it needs to do whatever to
locate them in the background and passes the username back to Squid like so:
OK user=username
or
ERR user=suername
Amos
Fin a la injusticia, LIBERTAD AHORA A NUESTROS CINCO COMPATRIOTAS QUE SE ENCUENTRAN INJUSTAMENTE EN PRISIONES DE LOS EEUU!
http://www.antiterroristas.cu
http://justiciaparaloscinco.wordpress.com
Fin a la injusticia, LIBERTAD AHORA A NUESTROS CINCO COMPATRIOTAS QUE SE ENCUENTRAN INJUSTAMENTE EN PRISIONES DE LOS EEUU!
http://www.antiterroristas.cu
http://justiciaparaloscinco.wordpress.com
