Re: [squid-users] debugging ACLs

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 20 Mar 2008 01:51:42 +0100

On Tue, 2008-03-18 at 17:51 +0000, paul cooper wrote:
> a follow-on
>
> ive turned up debugging to
> debug_options ALL,1 33,2 28,9
>
> squid.conf has
> hepworth andrew # cat -n /etc/squid/squid.conf |grep ip_user
> 405 external_acl_type ip_user_helper %SRC %LOGIN
> /usr/libexec/squid/ip_user_check -f /etc/squid/ip_user.conf
> hepworth andrew #
> hepworth andrew # cat -n /etc/squid/squid.conf |grep andr
> 563 acl andrew ext_user andrew
> 642 http_access allow andrew
> hepworth andrew #

You also need an external acl triggering the lookup.

acl ip_user external ip_user_helper
http_access deny !ip_user
http_access allow andrew

The ext_user acl only matches the returned username after the fact. It
does not in it self trigger an external acl lookup.

Regards
Henrik
Received on Wed Mar 19 2008 - 18:53:09 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT