On 11/01/21 8:06 am, roee klinger wrote:
Thanks, Eliezer, I was able to get it working.
Here is an example in case anybody runs into this in the future:
acl mynote1 note mykey note1
acl mynote2 note mykey note2
FYI, key names ending with "_" character are reserved for custom keys
like this.
external_acl_type user_whitelist_external children-max=20 ttl=300
%>lp %>a script.sh
NP: this does not check for users or authenticated traffic at all. It is
only using the client-IP and Squid receiving port number.
To meet the earlier stated requirement about authenticated traffic the
helper format should contain %un. The lines below should follow the
http_access rules doing authentication checks.
You could also have the helper doing authentication send the notes to
Squid. eg as a group name.
acl whitelisted_users external user_whitelist_external
http_access allow whitelisted_users
nonhierarchical_direct off
never_direct allow all
cache_peer 192.168.8.1 parent 101 0 proxy-only default name=proxy1
cache_peer_access proxy1 allow mynote1
cache_peer_access proxy0.2 deny all
cache_peer 192.168.8.2 parent 102 0 proxy-only default name=proxy2
cache_peer_access proxy2 allow mynote2
cache_peer_access proxy0.3 deny all
NP: there is no peer named "proxy0.2" or "proxy0.3" so those deny lines
are not doing anything. The only reason this config does what it appears
at first glance to do, is that the inverted default for the prox1 and
proxy2 peer access rules default is deny.
Then, on the external helper, I return one of these two:
OK mykey=note1
OK mykey=note2
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
