Hmm. The configuration I'm using in squid.conf is this: # Set up the session helper in active mode. Mind the wrap - this is one line: external_acl_type session ipv4 concurrency=100 ttl=3 %SRC /usr/local/squid/libexec/ext_session_acl -a -T 60 -b /usr/local/squid/var/lib/squid/session/ # Pass the LOGIN command to the session helper with this ACL acl session_login external session LOGIN # Set up the normal session helper. Mind the wrap - this is one line: external_acl_type session_active_def ipv4 concurrency=100 ttl=3 %SRC /usr/local/squid/libexec/ext_session_acl -a -T 60 -b /usr/local/squid/var/lib/squid/session/ # Normal session ACL as per simple example acl session_is_active external session_active_def # ACL to match URL acl clicked_login_url url_regex -i ^http://192.168.13.3/renew_session.html # First check for the login URL. If present, login session http_access allow clicked_login_url session_login # If we get here, URL not present, so renew session or deny request. http_access deny !session_is_active # Deny page to display deny_info http://192.168.13.3 session_is_active renew_session.html being the page I want to have a link to on the splash page that will reset the session. For some reason, whenever it tries to redirect a browser to the splash page with this configuration, the browser ends up showing me a "The page isn't redirecting properly" error instead of loading the page. Same thing happens if I replace http://192.168.13.3/renew_session.html with any other page. It appears that the only way the configuration works is if the deny_info line and the url_regex are exactly the same. Am I doing something wrong? Tal On Sat, Jul 14, 2012 at 9:52 AM, Jack Black <secretagent101@xxxxxxxxx> wrote: > Oh - that makes way more sense than what I was doing. Thanks! > > Tal > > On Sat, Jul 14, 2012 at 4:21 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: >> On 14/07/2012 3:13 p.m., Jack Black wrote: >>> >>> Hi. >>> >>> According to this page: >>> >>> http://wiki.squid-cache.org/ConfigExamples/Portal/Splash >>> >>> Active Mode is supposed to prevent random software like anti-viruses >>> from resetting the session when using ext_session_acl. Is this only >>> true for software that uses TCP port 80, but NOT HTTP? I have >>> configured active mode, and it works, but if my anti-virus checks >>> online for updates (which it does all the time), the session gets >>> reset and the browser never shows the splash page. The antivirus >>> appears to use HTTP, since the log file shows this: >>> >>> TCP_DENIED/302 354 GET >>> http://download353.avast.com/iavs5x/prod-ais.vpx - HIER_NONE/- >>> text/html >>> >>> Which also indicates that it's what received the splash page. Is this >>> expected behaviour? Is there a way to make sure that only a browser >>> can reset the session and ignore other software that may use the HTTP >>> protocol? >> >> >> The expected behaviour is that everything making HTTP requests from the box >> gets DENIED/302 splash page until you click on some link presented in that >> page. thus manually requestign the "login" URL. >> >> Amos
