On 11/01/21 8:06 am, roee klinger wrote:
Thanks, Eliezer, I was able to get it working. Here is an example in case anybody runs into this in the future: acl mynote1 note mykey note1 acl mynote2 note mykey note2
FYI, key names ending with "_" character are reserved for custom keys like this.
external_acl_type user_whitelist_external children-max=20 ttl=300 %>lp %>a script.sh
NP: this does not check for users or authenticated traffic at all. It is only using the client-IP and Squid receiving port number.
To meet the earlier stated requirement about authenticated traffic the helper format should contain %un. The lines below should follow the http_access rules doing authentication checks.
You could also have the helper doing authentication send the notes to Squid. eg as a group name.
acl whitelisted_users external user_whitelist_external http_access allow whitelisted_users nonhierarchical_direct off never_direct allow all cache_peer 192.168.8.1 parent 101 0 proxy-only default name=proxy1 cache_peer_access proxy1 allow mynote1 cache_peer_access proxy0.2 deny all cache_peer 192.168.8.2 parent 102 0 proxy-only default name=proxy2 cache_peer_access proxy2 allow mynote2 cache_peer_access proxy0.3 deny all
NP: there is no peer named "proxy0.2" or "proxy0.3" so those deny lines are not doing anything. The only reason this config does what it appears at first glance to do, is that the inverted default for the prox1 and proxy2 peer access rules default is deny.
Then, on the external helper, I return one of these two: OK mykey=note1 OK mykey=note2
Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users