Amos, You rock it, Thanks a lot, now its working pretty well. I was partialy aware of PHP limitation when used to build external helpers any way I gave it not too much importance since was working fine, I will rewrite code in python ASAP, I appreciate your recommendations. Please if is not too much to ask, I will like to ask you about another issue I have not been able to make it work, im trying to skip access logging of a subnet, in old versions of squid (3.1) I was using the following configuration acl ip_upredes src 10.2.100.0/24 log_access deny ip_upredes log_access allow all As of squid 3.4 log_access directive was no longer available I was trying to change to cache_access_log stdio:/var/log/squid3/access.log cache_store_log stdio:/var/log/squid3/store.log access_log none ip_upredes Starting squid in debug mode shows this 2015/01/30 22:50:15| ACL not found: ip_upredes FATAL: Bungled /etc/squid3/squid.conf line 98: access_log none ip_upredes I am suspecting about a missing configuration option when I compiled squid, so following are my compilation options configure options: '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--enable-ssl' '--enable-ssl-crtd' '--disable-translation' '--with-swapdir=/var/spool/squid3' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' Again, thanks a lot for this great support, I read a lot of your answers in this mailing list on the web and I can say you are making a really GOOD job supporting this community and project. Thanks, thanks, thanks Alberto On 1/30/15, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 31/01/2015 9:15 a.m., Alberto Perez wrote: >> Hello to everyone, >> >> First of all thanks for the support and for this awesome product. >> > > Welcome. Thank You for getting the use of authorization vs > authentication correct in your question :-) so nice not to have to start > with clarifying that. > > >> I'm developing a captive portal with squid 3.4.9 over ubuntu 14.04 >> >> Here is my external acl configuration >> >> external_acl_type session_active_def ipv4 %SRC >> /etc/squid3/captive/sessionHelper.php concurrency=100 children=1 -a >> -f ttl=1 negative_ttl=0 startup=2 idle=1 >> > > <http://www.squid-cache.org/Doc/config/external_acl_type/>. > > > In particular you have the syntax for the helper wrong. The correct > syntax is: > > external_acl_type name [options] FORMAT /path/to/helper [helper arguments] > > Note the difference between "options" and "helper arguments". Helper > arguments is part of the command line to be run. > > > So this is the correct config line for what you have above is: > > external_acl_type \ > session_active_def \ > concurrency=100 children-max=1 children-startup=1 \ > ipv4 ttl=1 negative_ttl=0 \ > \ > %SRC \ > /etc/squid3/captive/sessionHelper.php -a -f > > > I noticed the total number of children was smaller that the number > indicated to be run at startup. Squid would complain about that as it > auto-corrects to using startup=1. > Also, with startup >= children the idle parameter is unnecessary. There > is no amount of child helpers being started later based on load. > > > NP: There were a few nasty issues with the Zend engine limiting how long > a PHP script was allowed to run for. Even the dynamic restart feature > for Squid helpers was unable to solve that fully. You may want to > re-write the helper into another language for production use. > > > >> acl password external session_active_def >> >> deny_info https://proxy-bump.upr.edu.cu/?url=%u password >> > > Be careful with the use of HTTPS in sessions. > > The initial CONNECT (even the fake-CONNECT Squid uses on intercepted > traffic) will need accounting for in your session management ACLs. You > dont want it to be kicking off another session login partway through the > first. > > > > HTH > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
