Re: [squid-users] external_acl_type with http request header question

Thanks for you help. I think I almost got it--but it is not working -- yet.

I created the file ident.sh and made it executable (777) and added these
lines to squid:

external_acl_type propel_header_auth %{Hdr:member} /etc/squid/ident.sh
x-pun:user
acl propel_header_auth ident REQUIRED

Am I all wet?

Ryan Lamberton

----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "Ryan Lamberton" <ryan@familink.com>
Cc: "Henrik Nordstrom" <hno@squid-cache.org>; <squid-users@squid-cache.org>
Sent: Saturday, May 07, 2005 3:11 AM
Subject: Re: [squid-users] external_acl_type with http request header
question

>
>
> On Fri, 6 May 2005, Ryan Lamberton wrote:
>
>> hmm... is there an example of a "silly helper" out there I can
>> use/modify?
>
> In this case as all you need it to echo the username back to Squid the
> following suffices:
>
> #!/bin/sh
> while read user; do
> echo OK user=$user
> done
>
>> And will the Ident acl "set" the username the same way the proxy_auth
>> does so my filtering program can identify the username?
>
> Yes.
>
>> Why should I disable client side persistent connections?
>
> Because of the ident association of the external acl returned username in
> Squid-2.5. ident is connection oriented, meaning all requests on this
> connection will inherit the username.
>
> This is fixed in Squid-3.0, where this mechanism of having external acls
> returning a username is more obvious.
>
> Regards
> Henrik
Received on Mon May 09 2005 - 13:48:30 MDT