Re: Using IDENT ACL for peer selection

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 23 Jun 2001 02:31:15 +0200

Georgy Salnikov wrote:

> we would like that only authoritative users could get the fast and costly
> peer while other users are transparently switched by Squid to the slower
> channels. This is easily achieved via the cache_peer_access allow/deny
> clauses as long as all users on the same Unix host are allowed (or denied)
> at the same time. If we wish to allow some users and to deny others from the
> same client host, then we need to use IDENT ACLs in the cache_peer_access
> parameter.

What we can try is to allow the ident to be used IFF it has first been
requested by http_access. What is needed to do this is to make the
request inherit the rfc931 value from the client connection and then use
this when making the checklist in peerAllowedToUse.

Note: If you do not want to perform authorization based on ident, then
use a dummy line that only forces the ident lookup:

    acl ident ident REQUIRED
    http_access deny ident !all

Passing the client connection down to peerAllowedToUse won't do.

--
Henrik Nordstrom
Squid Hacker
Received on Fri Jun 22 2001 - 19:20:58 MDT
