Hello, Thank you, it help a lot and clarify things. Emmanuel. Le 20/06/2017 à 14:46, Amos Jeffries a écrit : > On 20/06/17 22:55, FUSTE Emmanuel wrote: >> Hello, >> >> I need to select a cache peer based on the user group. >> As cache_peer_access need a fast acl to have predicable result, I tried to >> - annotate transactions with "note" >> - match the annotation with a fast acl >> - use the acl in the cache_peer_access directive >> >> But I still got warning about slow acl in use where fast are required. >> I am missing something ? > The 'note' directive (different from the note ACL type) itself is a > "fast" access control whose purpose is to add things into the log file. > It only does its thing at the termination of a transaction right before > logging. > > > What you are wanting is to alter the external_acl_type helper (or write > a script wrapper for it that changes the output). Such that when Squid > sends it a lookup it generates an response to Squid saying something > like this: > > OK profil="$group_name" > > (where $group_name, is the group which matched) > > > When that is working you can also vastly simplify your squid.conf by > replacing all these: > > acl StandardUser external ldap_group ACCESINTERNET > acl VIPUser external ldap_group ACCESCHARGEDECOM > acl NoNetUser external ldap_group INITIAL > > ... with a single helper ACL test: > acl group external ldap_group ACCESINTERNET ACCESCHARGEDECOM INITIAL > > ... which gets run only for authenticated users: > http_access deny !AuthorizedUsers > http_access allow group > > ... and use the note ACLs to do all your other access controls: > acl StandardUser note profil ACCESINTERNET > acl VIPUser note profil ACCESCHARGEDECOM > acl NoNetUser note profil INITIAL > > > > PS. >> maximum_object_size_in_memory 50 MB >> logformat squid [%tl] %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt > FYI: please do not try to define that "squid" log format in squid.conf. > Squid does not follow that instruction, and may do unexpected things as > a result. The latest releases will refuse to start if squid.conf > contains these. > > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
