Dear all
I would like to use 2 external helpers in order to use a web
authentication form
The deal is to use combination of ext_session_acl and my own external
helper
But i did not know how to create the ACLs
I have done 50%
---------------------------------------
external_acl_type checkauth concurrency=100 ttl=3 %SRC %URI %>{Host}
%>{Cookie} /usr/bin/squid-helper.php
external_acl_type AuthenticatedSessions ttl=60 concurrency=100 %SRC
/usr/local/sbin/squid/ext_session_acl -t 48000 -b
/var/lib/squid/session-web-form.db
acl AuthenticatedHelper external checkauth
acl Authenticated_users external AuthenticatedSessions
deny_info http://10.10.10.10/login.php checkauth
http_access deny !AuthenticatedHelper
In this model the squid-helper.php checks the cookie sended by the
http://10.10.10.10/login.php page.
If cookie exists then squid-helper.php answer OK
if the request is http://10.10.10.10/login.php the squid-helper.php
answer OK in order to allow the authentication web page.
if cookie does not exists then squid-helper.php answer ERR and the
login.php page is in charge to authenticate the user and create the new
cookie
The problem with this is when the user try to connect to an other
website, the cookie does not exists.
The squid-helper.php answer ERR and requests are returned back to the
login page.
To make this done to 100% i need to force squid to identifiy the user
after a squid-helper.php positive answer.
I thinking about using the session helper ( "AuthenticatedSessions" acl )
If the request pass AuthenticatedHelper acl and if the request is not
in the Authenticated_users acl then a session is created and squid
process the request.
if the request pass AuthenticatedHelper and pass Authenticated_users
then squid process the request.
Is there a more/proper /simple way ?
How to merge the 2 helpers in order to make it work ?
best regards