On 04/09/17 21:09, Ahmed Alzaeem wrote:
Hi amos , thanks for the kind response .
i denied to rebuild squid without IPV6 support and seems now no error in
helper .
i just curious to know about the auth directors in squid how should i
arrange it :
acl localnet src all
auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user
acl ncsa_users proxy_auth REQUIRED
auth_param basic children 1000
external_acl_type bandwidth_check ttl=0 %SRC /usr/local/bin/bandwidth_check
acl bandwidth_auth external bandwidth_check
http_access allow localnet bandwidth_auth
http_access deny localnet !bandwidth_auth
###################################################
http_access allow ncsa_users
is above correct sequence to block any user exceeded quota ?
I put comments under each problematic line in my last post about the
problems in that http_access sequence. The config has not changed, so
they are all still occuring.
also should i use
external_acl_type bandwidth_check ttl=0 %SRC /usr/local/bin/bandwidth_check
or
external_acl_type bandwidth_check ttl=0 %SRC %LOGIN
/usr/local/bin/bandwidth_check
or
external_acl_type bandwidth_check ttl=0
*%EXT_USER* /usr/local/bin/bandwidth_check
That is up to you, and depends on what you want the helper to be checking.
%LOGIN supplies the HTTP authentication login. It will trigger a full
authentication sequence if there are no credentials, so place all uses
of ACLs involving this after your ncsa_users login check.
%EXT_USER supplies the user= value some earlier external_acl_type helper
produced. You do not seem to have any other external ACL helpers - so
this is probably not for you.
If you have a mix of authentication methods happening you might want the
%un code.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
