Adding a new functionality: returning a custom page

Hi,

Let me first introduce myself and describe the context of my request.
I work as a developer for a company that extensively uses squid to restrict
and control its HTTP/FTP access to the Internet. They feel the need to add a
new functionality in squid that consists in returning an HTML page to a
user, the first time he tries to connect to the Internet.

Attached to this mail is a patch I made. It is based on the
squid-2.4.PRE-STABLE version.
As I am new to squid I do not know if the way I developed the functionality
is right and if it doesn't interfere with other mechanisms in the product.
I would really appreciate comments on it.

The simplest way I found to make it was to use the proxy authentication
mechanism: as this mechanism keeps a context in memory for each
authenticated user, we can easily detect if the page has already been
returned or not to the user.

I think that the most critical point is the configuration aspect.
Configuration will influence both the product behaviour and the code
development. Different possibilities can be used to configure the
functionality:
- adding a new kind of "proxy_auth" acl,
- adding a new kind of "http_access" tag,
- adding a special parameter to the "proxy_auth" acl (which is what I did).
The problem was to block an allowed request ("http_acces allow") only
the first time a user get authenticated ("acl password proxy_auth"):
http_access, proxy_auth, and user are objects used at three different
levels.

The patch is quite simple; main adds are:
- a global variable (const char *RequestBlockingAclMatchedName;) which is:
   - set to NULL (in aclMatchAclList)
   - assigned to the proxy_auth rule name that blocked the request
     (in aclMatchAcl)
   - checked (in clientAccessCheckDone) when the answer is ACCESS_ALLOWED
- an integer in the _acl_proxy_auth_user structure
(int request_blocking_done;) used to know if the first request has already
been
blocked (plus time_t validatedtime; used to control the duration of the
blocking period)
- a flag in the _acl structure (acl_flags flags;): it is used with
proxy_auth acl and set to FLAG_ACL_REQUEST_BLOCKING when the parameter
"BLOCK" is present in the proxy_auth parameters.

USAGE:
To use the functionality, you have to add "BLOCK" to the parameters of the
desired proxy_auth acl:
    acl password proxy_auth REQUIRED BLOCK
Customisation is made by adding the following lines:
     blocking_info FRONT_PAGE password
     blocking_ttl 5 seconds

LIMITS:
The following rules will make the user being erroneously marked as if he had
received the page:
     http_access deny password
     http_access allow password rule2 (if rule2 fails !)
I already have ideas on how to avoid those mistakes but as they are not
grave, there is no hurry to complicate things !.

  Thanks

      Sebastien.