Re: [squid-users] proxy_auth from Henrik Nordstrom on 2001-10-16 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 17 Oct 2001 01:02:52 +0200

Chris wrote:
>
> I see a lot of guys asking about acl but no post describes what I need.
> How to define acl and http_access that for some destination users will be
> prompted for password for others not (ldap server).
>
> I see in all examples:
>
> acl passwd proxy_auth
> http_access allow passwd
>
> What is 'passwd', squid variable (I can see no other line which
> defines 'passwd')?

The acl line defines passwd as a proxy_auth type ACL.

Note: the ACL example quoted is wrong, and should read

acl passwd proxy_auth REQUIRED

or if you only want to match some users

acl some-users proxy_auth user1 user2 user3 ...

There has been examples on how to allow some users access to some
destinations posted here in the last few days and numerous times before,
but here we go again:

acl usergroup1 proxy_auth user1 user2 user3 user4
acl usergroup2 proxy_auth user5 user6 user7 user8

acl dstgroup1 dstdomain host1.example.com host2.example.com
host3.example.com
acl dstgroup2 dstdomain host4.example.com host5.example.com

http_access allow usergroup1 dstgroup1
http_access allow usergroup2 dstgroup2

> And the second question, how to make redirections?
> user type 'http://something' and he is redirected to 'http://someting.com
> or to another proxy server (must be possibility to define several

In Squid URL redirection is done via the redirector interface. Requires
an external program doing the rewrites.

Lets assume you want any requests for http://something to generate a
redirect to http://something.com, and similary for http://somethingelse,
then the following small Perl based redirector can do the job:

#!/usr/bin/perl
$|=1;
while(<>) {
   s%^http://something($|/)%302:http://something.com/% && next;
   s%^http://somethingelse($|/)%302:http://somethingelse.com/% && next;
} continue {
   print;
}

Forwarding to another proxy server is done with the cache_peer
directives, and the selection/limiation of possible paths is controlled
by cache_peer_access and/or cache_peer_domain directives
(cache_peer_access is more flexible).

Regards
Henrik Nordström
Squid Hacker
Received on Tue Oct 16 2001 - 17:06:27 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:47 MST