Search squid archive

Re: Best practice for adding or removing ACLs dynamically ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/11/20 12:27 pm, roee klinger wrote:
Thanks Amos!

I updated "auth_param basic credentialsttl" according to your advice and it is working great.

I am still having issues with the "tcp_outgoing_address 192.168.8.12 acl_for_user3002" part, you mentioned:
 > For ACLs with values that are expected to change often it is best to use
 > an external_acl_type helper that manages the updates or fetches from
 > somewhere the updates are handled without a reload.

My script updates the authenticator successfully, but when I update "acl acl_for_user3002 proxy_auth user2" to the new username I have to reconfigure to take effect. I read online for hours but to my best understanding external_acl_type are for auth and access control, but they don't work for my needs I believe.

Is there any way to use external_acl_type in a way I don't understand to solve this problem? Do I have to reconfigure every time I make changes to an ACL in squid.conf?


Some directives have to produce allow/deny result immediately, without waiting for a helper to respond. The details are documented here:
 <https://wiki.squid-cache.org/SquidFaq/SquidAcl>

In modern Squid you can use a helper to set annotations which are checked with the "note" ACL type in the fast checks.



It sounds a bit like you are trying to tie IPs to individual users. Please be aware that breaks the multiplexing and persistence features of HTTP, which is a major performance loss.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux