2012/5/3 Eliezer Croitoru <eliezer@xxxxxxxxxxxx>: > On 02/05/2012 14:53, E.S. Rosenberg wrote: >> >> 2012/5/2 E.S. Rosenberg<esr@xxxxxxxxxxx>: >>> >>> Hi, >>> I just thought I'd share the script I have for the squid side, maybe >>> someone finds it useful. >>> I wrote in PHP because I wanted to use prepared statements and am most >>> familiar with PDO. >>> >>> Now my logs have usernames but squid does not allow me to make >>> proxy_auth acls since I have no auth mechanism configured (this >>> particular squid instance is a museum piece - 2.6, soon to be >>> replaced), if this issue also exists in squid 3.1 then how would I >>> control users based on a username returned through an external ACL? >>> >>> Thanks, >>> Eli >> >> I stuck the script on my server, that makes an easier read then from >> inside a mail: >> http://kotk.nl/verifyIP.phps >> >> Hope that helps, >> Eli >> > i saw your external_acl app and it seems very nice. > i wrote another one on ruby that seems almost like that(a mimic for > practice). > and i was wondering about how do you plan to implement the proxy_auth acls? > using AD? some other DB? I am not usre I follow, do you mean how I intend to manage my lists of usernames? In that case I am pushing for the use of LDAP properties, then a script will run every X time, determine whether or not the LDAP database was changed since the last update (based on change timestamps) and generate lists of usernames. Currently we don't have a good way of managing this, I have some sctipts that work based on the location of a user in our organization but that is not always correct. > you mentioned something about the network infrastructure\CISCO if i remember > right. Yes, the link of IP->username is generated based on the radius logs of the server that provides authentication for the wireless. However as said squid tells me that since I have no auth-mechanism fully setup I can't use proxy_auth lists so I wonder how can I use the username I provided in the external acl in the rest of squid? Thanks, Eli > > Regards, > Eliezer > > > > <SNIP> > >>> 2012/4/10 akadimi<amine.kadimi@xxxxxxxxx>: >>>> >>>> Hi Amos, >>>> >>>> Could you give me more details on your new session helper as soon as it >>>> becomes available. >>>> >>>> Regards, >>>> >>>> -- >>>> View this message in context: >>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/external-acl-code-examples-tp4424505p4546016.html >>>> Sent from the Squid - Users mailing list archive at Nabble.com. > > > > -- > Eliezer Croitoru > https://www1.ngtech.co.il > IT consulting for Nonprofit organizations > eliezer <at> ngtech.co.il
