Hello,
PREFACE:
---------
I have a squid.conf file which includes 2 files.
include pre.conf
include main.conf
main.conf will never be changed and contains most of the config and an
external acl helper with roughly following directives:
external_acl_type ipuser queue-size=40 ttl=120 children-max=1
children-startup=1 concurrency=20 %>a /usr/lib/squid/ip_to_user
acl proxyuser external ipuser
http_access deny !proxyuser
This helper simply reads IP address and returns username (OK user=xyz)
or ERR.
Squid blocks the access if no user was found.
SPECIAL CASE HACK:
-------------------
Sometimes we switch to basic proxy authentication via database and do
not require IP to user conversion.
So I add following lines to pre.conf
auth_param basic program /usr/lib/squid/basic_db_auth <arguments>
external_acl_type ipuser queue-size=40 ttl=120 children-max=1
children-startup=1 concurrency=20 %>a %ul /usr/lib/squid/ip_to_user
%ul - forces squid to ask for authentication and same is passed to
ip_to_user.
ip_to_user detects that user is already known and hence returns same
user back without processing IP address.
This works as expected but I have a question / doubt.
QUESTION:
----------
Effectively squid.conf now has two external_acl_type lines with same
name. (ipuser)
First one has %ul and other one does not.
From my tests - first one gets the priority and second one is ignored
by squid.
So my questions are:
1) Can I assume this to be always true?
2) Can there be a case where second gets called instead of first?
3) Can I expect this assumption to remain the same in future too?
Please guide.
Thank you in advance.
Regards,
Amish.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users