Hi
I am trying to set up a router that is inline between the clients and
the internet.
Everything is working as far as proxy operations, however i am now
trying to set up a splash page that new clients are shown when they
first connect.
The splash page is served off a copy of nginx running on the proxy server.
local.<domainname>.com is set up in hosts and the dns the clients use to
point to the correct IP
I seem to be tangled up in ACL ordering. Whilst the redirect to the
splash page works fine, the session db is not getting written to so the
client never gets past the splash page.
Any guidance on this would be greatly appreciated.
thanks in advance
Darren B.
the relevant bits of the config are as follows.
----------------------------------------------------
acl localnet1 src 172.25.101.0/24 # RFC1918 possible internal network
acl localnet2 src 172.25.102.0/24 # RFC1918 possible internal network
acl localnet3 src 172.25.103.0/24 # RFC1918 possible internal network
acl localserver dstdomain local.<domainname>.com
http_access allow localhost
http_access allow localserver
#splash page
external_acl_type splash_page concurrency=100 ttl=60 %SRC
/usr/lib/squid3/ext_session_acl -a -T 10800 -b
/mnt/data/squid/session/session.db
acl existing_users external splash_page
http_access deny !existing_users
deny_info http://local.<domainname>.com?usr=%s existing_users
http_access allow localnet1
http_access allow localnet2
http_access allow localnet3
http_access deny !Safe_ports
-----------------------------------------------------------
my build of squid is
Squid Cache: Version 3.3.8
Ubuntu
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--disable-silent-rules' '--datadir=/usr/share/squid3'
'--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--enable-inline'
'--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock'
'--enable-removal-policies=lru,heap' '--enable-delay-pools'
'--enable-cache-digests' '--enable-underscores' '--enable-icap-client'
'--enable-follow-x-forwarded-for'
'--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB'
'--enable-auth-digest=file,LDAP'
'--enable-auth-negotiate=kerberos,wrapper'
'--enable-auth-ntlm=fake,smb_lm'
'--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group'
'--enable-url-rewrite-helpers=fake' '--enable-ssl' '--enable-ssl-crtd'
'--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos'
'--enable-ecap' '--disable-translation'
'--with-swapdir=/var/spool/squid3' '--with-logdir=/var/log/squid3'
'--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536'
'--with-large-files' '--with-default-user=proxy'
'--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2
-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE
-pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
'CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4
-Wformat -Werror=format-security'
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
