On 31/01/2015 9:15 a.m., Alberto Perez wrote: > Hello to everyone, > > First of all thanks for the support and for this awesome product. > Welcome. Thank You for getting the use of authorization vs authentication correct in your question :-) so nice not to have to start with clarifying that. > I'm developing a captive portal with squid 3.4.9 over ubuntu 14.04 > > Here is my external acl configuration > > external_acl_type session_active_def ipv4 %SRC > /etc/squid3/captive/sessionHelper.php concurrency=100 children=1 -a > -f ttl=1 negative_ttl=0 startup=2 idle=1 > <http://www.squid-cache.org/Doc/config/external_acl_type/>. In particular you have the syntax for the helper wrong. The correct syntax is: external_acl_type name [options] FORMAT /path/to/helper [helper arguments] Note the difference between "options" and "helper arguments". Helper arguments is part of the command line to be run. So this is the correct config line for what you have above is: external_acl_type \ session_active_def \ concurrency=100 children-max=1 children-startup=1 \ ipv4 ttl=1 negative_ttl=0 \ \ %SRC \ /etc/squid3/captive/sessionHelper.php -a -f I noticed the total number of children was smaller that the number indicated to be run at startup. Squid would complain about that as it auto-corrects to using startup=1. Also, with startup >= children the idle parameter is unnecessary. There is no amount of child helpers being started later based on load. NP: There were a few nasty issues with the Zend engine limiting how long a PHP script was allowed to run for. Even the dynamic restart feature for Squid helpers was unable to solve that fully. You may want to re-write the helper into another language for production use. > acl password external session_active_def > > deny_info https://proxy-bump.upr.edu.cu/?url=%u password > Be careful with the use of HTTPS in sessions. The initial CONNECT (even the fake-CONNECT Squid uses on intercepted traffic) will need accounting for in your session management ACLs. You dont want it to be kicking off another session login partway through the first. HTH Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
