Re: cache_peer selection based on username

"Eliezer Croitoru" <ngtech1ltd@xxxxxxxxx> · Mon, 11 Jan 2021 11:03:06 +0200

In the next example I wrote a whole setup:
https://github.com/elico/vagrant-squid-outgoing-addresses

Specifically it would look something like:
https://github.com/elico/vagrant-squid-outgoing-addresses/blob/master/shared/note.rb#L82

it’s as a line like:
echo “OK x_note=100 ip=100”

The in squid use an acl like this:
https://github.com/elico/vagrant-squid-outgoing-addresses/blob/9221a73394ced582fec84bc42abfaae3c9a364b3/shared/collect-32-subnet-addresses.rb#L17

ie:
echo "acl #{ip_map[key]} note ip #{acl_name.match(/([0-9]+)/)[1]}" |tee -a /etc/squid/conf.d/acl-to-ip.conf

It’s better to run the lab and see the content of the conf files to understand it.
You will need VirtualBox and Vagrant to power up this lab.

Later I might be able to record a video of this but not sure yet about this.

Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx
Zoom: Coming soon

From: roee klinger <roeeklinger60@xxxxxxxxx> 
Sent: Sunday, January 10, 2021 5:51 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: Eliezer Croitoru <ngtech1ltd@xxxxxxxxx>
Subject: Re:  cache_peer selection based on username

So basically I return a note with the “OK” response, which can be any string, for example “100”.

Then, I can use “100” as a normal ACL in squid.conf?

Thanks

On Jan 10, 2021, at 17:36, Eliezer Croitoru <ngtech1ltd@xxxxxxxxx> wrote:
You should use a note acl for that.
When you return the whitelisted client you should add a note which can be 1-100 or any other static string.

It works just out of the box.

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx
Zoom: Coming soon

From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of roee klinger
Sent: Sunday, January 10, 2021 5:33 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject:  cache_peer selection based on username

Hey,

I am trying to figure out the best way to select cache peers based on the client username, I have read extensively but I cannot figure out the best way to do it.

so far I have:
external_acl_type user_whitelist_external children-max=20 ttl=300 %>lp %>a script.sh
acl whitelisted_users external user_whitelist_external
http_access allow whitelisted_users

and:
nonhierarchical_direct off
never_direct allow all
cache_peer 192.168.8.1 parent 101 0 proxy-only default name=proxy1
cache_peer_access proxy1 allow whitelisted_users
cache_peer_access proxy0.2 deny all
cache_peer 192.168.8.2 parent 102 0 proxy-only default name=proxy2
cache_peer_access proxy2 allow whitelisted_users
cache_peer_access proxy0.3 deny all

ideally, script.sh checks if the request is authinticated and if it is, it selects the cache peer to use, is there some kind of way to achieve this with "Defined keywords" to select which cache peer to use or am I looking at this the wrong way?

What would be the best way to accomplish this?
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users