Search squid archive

Problem with 'delay_access' using acl external

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi ppl! 

I'm getting an annoying problem with Squid 5.5 (work ok on old Squid 2.6)

My "delay_class" simple DON'T with if I use a acl external (helper - LDAP or winbind [ext_wbinfo_group_acl], same problem), delay_class work ok using a acl proxy_auth or acl src.... but nothing with a external.

I need to use external bcoz I use groups to specify Internet speed/policy per user.

All I get on cache.log it's this WARNING (Googled this one but don't find nothing helpful):
================================================================
2024/09/10 14:30:28 kid1| WARNING: Group_Internet ACL is used in context without an ALE state. Assuming mismatch.
    current master transaction: master62
================================================================

Anyone can give me a hand on this one?? 
Thanks a lot!!!
Carlos



Bellow there my sample squid.conf: 
================================================================

acl SSL_ports port 443 6443 8443 8080 8008
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost

http_port 8080

cache_dir ufs /var/spool/squid 8192 32 128

coredump_dir /var/spool/squid

auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -k /etc/squid/HTTP.keytab -s HTTP/SERVER@xxxxxxxxx
auth_param negotiate children 20 startup=2 idle=2

external_acl_type AD ttl=360 children-startup=2 children-max=20 children-idle=2 %LOGIN /usr/lib64/squid/ext_ldap_group_acl -Z -K -R -d -h 192.168.0.10 -b "dc=realm,dc=lan" -D "cn=squid,cn=Users,dc=realm,dc=lan" -w password1234 -f "(&(cn=%u)(memberof=cn=%g,cn=Users,dc=realm,dc=lan))"

acl kerb-auth proxy_auth REQUIRED

acl Group_Internet external AD Internet_Access
acl User proxy_auth carlos@xxxxxxxxx
acl src_carlos_ip src 192.168.0.100

http_access allow Group_Internet # work!
http_access deny all


delay_pools 2
delay_class 1 2
delay_class 2 2

delay_parameters 1   4096000/4096000  2048000/2048000
delay_parameters 2   2048000/2048000   512000/512000

delay_access 1 allow Group_Internet  # won't work (Squid ignore it and pass to next delay_access)
#delay_access 1 allow User           # work!
#delay_access 1 allow src_carlos_ip  # work!
delay_access 1 deny all

delay_access 2 allow all
###############################################################

#
delay_access 1 allow Group_Internet  # won't work (Squid ignore it and pass to next delay_access)
#delay_access 1 allow User           # work!
#delay_access 1 allow src_carlos_ip  # work!
delay_access 1 deny all

#
delay_access 2 allow all
================================================================




_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux