Search squid archive

Re: ext_session_acl active mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hmm. The configuration I'm using in squid.conf is this:

# Set up the session helper in active mode. Mind the wrap - this is one line:
external_acl_type session ipv4 concurrency=100 ttl=3 %SRC
/usr/local/squid/libexec/ext_session_acl -a -T 60 -b
/usr/local/squid/var/lib/squid/session/

# Pass the LOGIN command to the session helper with this ACL
acl session_login external session LOGIN

# Set up the normal session helper. Mind the wrap - this is one line:
external_acl_type session_active_def ipv4 concurrency=100 ttl=3 %SRC
/usr/local/squid/libexec/ext_session_acl -a -T 60 -b
/usr/local/squid/var/lib/squid/session/

# Normal session ACL as per simple example
acl session_is_active external session_active_def

# ACL to match URL
acl clicked_login_url url_regex -i ^http://192.168.13.3/renew_session.html

# First check for the login URL. If present, login session
http_access allow clicked_login_url session_login

# If we get here, URL not present, so renew session or deny request.
http_access deny !session_is_active

# Deny page to display
deny_info http://192.168.13.3 session_is_active

renew_session.html being the page I want to have a link to on the
splash page that will reset the session. For some reason, whenever it
tries to redirect a browser to the splash page with this
configuration, the browser ends up showing me a "The page isn't
redirecting properly" error instead of loading the page. Same thing
happens if I replace http://192.168.13.3/renew_session.html with any
other page. It appears that the only way the configuration works is if
the deny_info line and the url_regex are exactly the same. Am I doing
something wrong?

Tal

On Sat, Jul 14, 2012 at 9:52 AM, Jack Black <secretagent101@xxxxxxxxx> wrote:
> Oh - that makes way more sense than what I was doing. Thanks!
>
> Tal
>
> On Sat, Jul 14, 2012 at 4:21 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>> On 14/07/2012 3:13 p.m., Jack Black wrote:
>>>
>>> Hi.
>>>
>>> According to this page:
>>>
>>> http://wiki.squid-cache.org/ConfigExamples/Portal/Splash
>>>
>>> Active Mode is supposed to prevent random software like anti-viruses
>>> from resetting the session when using ext_session_acl. Is this only
>>> true for software that uses TCP port 80, but NOT HTTP? I have
>>> configured active mode, and it works, but if my anti-virus checks
>>> online for updates (which it does all the time), the session gets
>>> reset and the browser never shows the splash page. The antivirus
>>> appears to use HTTP, since the log file shows this:
>>>
>>> TCP_DENIED/302 354 GET
>>> http://download353.avast.com/iavs5x/prod-ais.vpx - HIER_NONE/-
>>> text/html
>>>
>>> Which also indicates that it's what received the splash page. Is this
>>> expected behaviour? Is there a way to make sure that only a browser
>>> can reset the session and ignore other software that may use the HTTP
>>> protocol?
>>
>>
>> The expected behaviour is that everything making HTTP requests from the box
>> gets DENIED/302 splash page until you click on some link presented in that
>> page. thus manually requestign the "login" URL.
>>
>> Amos


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux