On 25/04/2013 7:12 p.m., Wojciech Kubiak wrote:
On 2013-04-23 13:34, Amos Jeffries wrote:
On 23/04/2013 9:44 p.m., Wojciech Kubiak wrote:
Hi
Is there any possibility to disconnect/kick/force reconnect a given
squid user's session by his user name, other than simply restarting
squid?
I can't use the client's IP address to do this, because the
connection between the client and the proxy server is running
through a SSH tunnel.
The only way to kick an existing connection is to identify the
IP:port and use TCP control tools to force the connection to die.
The cachemanager system has access to a list of active client
connections. So it should be relatively easy to add a manager action
that locates and kills a client connectivity.
Patches to implement this addition to cachemgr are welcome in squid-dev.
Amos
On 2013-04-23 13:34, Amos Jeffries wrote:
On 23/04/2013 9:44 p.m., Wojciech Kubiak wrote:
Hi
Is there any possibility to disconnect/kick/force reconnect a given
squid user's session by his user name, other than simply restarting
squid?
I can't use the client's IP address to do this, because the
connection between the client and the proxy server is running
through a SSH tunnel.
The only way to kick an existing connection is to identify the
IP:port and use TCP control tools to force the connection to die.
The cachemanager system has access to a list of active client
connections. So it should be relatively easy to add a manager action
that locates and kills a client connectivity.
Patches to implement this addition to cachemgr are welcome in squid-dev.
Amos
Thanks for your reply Amos.
I wrote in my original message that I can't use IP:port for kicking
because all clients connect to the proxy via a SSH tunnel. Because of
this, all clients appear as coming from localhost in the logs and
cachemanager.
Or am I misinterpreting something?
Sort of. The cachemgr "active_clients" report gives a lot of details
about the client. You can scan it for clients with the username you are
searching for, and find from that the particular IP:port you will need
to do TCP level things to that connection. The IP may all be ocalhost,
but each client connection should will have a different port number.
Amos
