Re: [squid-users] auto blacklist users

From: ian j hart <ianjhart@dont-contact.us>
Date: Sat, 8 Dec 2007 19:57:17 +0000

On Saturday 08 December 2007 17:20:46 ian j hart wrote:
> Okay I have something that seems to work.
>
> Can I have a quick review, then I'll leave you in peace.
>
> This may wrap.
>
> --- src/client_side.c.orig Mon Sep 3 14:13:36 2007
> +++ src/client_side.c Sat Dec 8 15:42:34 2007
> @@ -425,6 +425,11 @@
> clientRedirectStart(http);
> } else {
> int require_auth = (answer == ACCESS_REQ_PROXY_AUTH ||
> aclIsProxyAuth(AclMatchedName)) && !http->request->flags.transparent;
> +/*ijh*/
> +debug(33,1) ("SOMESTRING %s %s %s\n",
> + AclMatchedName ? AclMatchedName : "<null>",
> + http->request->auth_user_request ?
> authenticateUserRequestUsername(http->request->auth_user_request) :
> "<null>", + http->uri);
> debug(33, 5) ("Access Denied: %s\n", http->uri);
> debug(33, 5) ("AclMatchedName = %s\n",
> AclMatchedName ? AclMatchedName : "<null>");
>
> Is it sane?
> Is it safe (e.g. http->request never null).
> Is the uri part okay and safe?
>
> I assume I'll need to patch clientAccessCheckDone2 as well.
>
> Are all code paths (for access denied) covered?
>
> Thanks again for all replies

Adjust debug

s/33,1/99,2/

i.e. Off by default. Give it it's own knob.

Mystery of the intermittent double hits may be solved. It seems to be a fetch
of /favicon.ico (I'm testing with konqueror, which does that).

-- 
ian j hart
Received on Sat Dec 08 2007 - 12:57:29 MST

This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:01 MST