Re: [squid-users] question on external_acl_type

From: Scott <scott.horsley@dont-contact.us>
Date: Mon, 31 Jan 2005 17:05:17 +1100

On 31/01/2005, at 4:13 PM, Norio Korekawa wrote:

> Hello,
>
> I have a question on external_acl_type and I hope someone will kindly
> give me comments or answers.
>
> Firstly, my squid is Squid Cache: Version 2.5.STABLE1, I'm running
> it on Red Hat Linux release 9 (Shrike) and the basic part of my
> squid.conf is as follows:
>
>
> --- my squid.conf ---
> auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
> external_acl_type myacltype %LOGIN %SRC %DST %{Referer} %{User-Agent} /usr/lib/squid/myaclhelper.pl
> acl myacl external myacltype
>
> acl user_auth_acl proxy_auth REQUIRED
> http_access deny !user_auth_acl

I think this should be closer to

http_access allow user_auth_acl myacl

This way it is an AND statement, as at the moment it is actually an OR
statement.

> http_access deny !myacl
> http_access allow all
> --- my squid.conf ---
>
>
> My question is:
>
> It seems that myaclhelper.pl is called by squid, every time new URL
> is accessed, but is this correct action? I think it should not be
> called, once myacl passes, that is, myaclhelper.pl returns "OK".
> In fact, ncsa_auth seems not to be called, once HTTP basic
> authentication passes...
>
There is another option that specifies how long the helper caches its
data for...

external_acl_type myacltype ttl=600 %LOGIN %SRC %DST %{Referer} %{User-Agent} /usr/lib/squid/myaclhelper.pl

Where 600 is the cached answer timer.

For testing I normally set it really low so that the responses are
almost real-time but in the real world this creates way too much
overhead.

> I think my squid.conf has some problems, but I don't know what they
> are...
>
> Any answer would be appreciated.
> Thanks in advance.
> Norio

Received on Sun Jan 30 2005 - 23:05:21 MST
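
A simplified model of the caching discussed in this thread, added here as an example and not taken from the thread or from Squid's source. It assumes Squid keeps one cached helper verdict per distinct formatted request line for ttl seconds, so a format that includes %DST misses the cache on every new destination. The class, the helper policy and the requests are constructed for illustration, and only three of the five format fields are modelled.

```python
# Simplified model (an assumption, not Squid source code) of the external ACL
# result cache: one verdict per distinct formatted line, valid for `ttl` seconds.

class ExternalAclCache:
    def __init__(self, fields, ttl, helper):
        self.fields = fields      # format tokens in use, e.g. ("LOGIN", "SRC")
        self.ttl = ttl            # seconds a cached verdict stays valid
        self.helper = helper      # callable(line) -> "OK" or "ERR"
        self.cache = {}           # formatted line -> (verdict, expiry time)
        self.helper_calls = 0

    def check(self, request, now):
        # The formatted line is both the helper's input and the cache key.
        line = " ".join(request[f] for f in self.fields)
        hit = self.cache.get(line)
        if hit and now < hit[1]:
            return hit[0]                     # answered from cache
        self.helper_calls += 1                # cache miss: ask the helper
        verdict = self.helper(line)
        self.cache[line] = (verdict, now + self.ttl)
        return verdict

def sample_helper(line):
    """Hypothetical policy: allow only user 'norio' (first field is %LOGIN)."""
    return "OK" if line.split(" ")[0] == "norio" else "ERR"

# Constructed requests: one user, one client address, several destinations.
REQUESTS = [
    {"LOGIN": "norio", "SRC": "192.0.2.10", "DST": "www.example.com"},
    {"LOGIN": "norio", "SRC": "192.0.2.10", "DST": "img.example.com"},
    {"LOGIN": "norio", "SRC": "192.0.2.10", "DST": "www.example.org"},
    {"LOGIN": "norio", "SRC": "192.0.2.10", "DST": "www.example.com"},
]

def count_helper_calls(fields, ttl, step=1):
    """Replay REQUESTS `step` seconds apart and count helper invocations."""
    acl = ExternalAclCache(fields, ttl, sample_helper)
    for i, req in enumerate(REQUESTS):
        acl.check(req, now=i * step)
    return acl.helper_calls

if __name__ == "__main__":
    # %DST in the key: every new destination is a miss, repeats are hits.
    print(count_helper_calls(("LOGIN", "SRC", "DST"), ttl=600))
    # Key limited to user and client address: one lookup covers all four.
    print(count_helper_calls(("LOGIN", "SRC"), ttl=600))
    # Very low ttl: entries expire between requests, helper runs every time.
    print(count_helper_calls(("LOGIN", "SRC"), ttl=1, step=2))
```
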
