kiran kumar wrote:
> Dear All,
>
> I'm trying to use "external_acl_type" with squid3-stable-19 to enforce
> user Authentication. I don't want to authenticate every request but
> have Squid talk to my policy framework before deciding either to
> authenticate or skip authentication for the request. The policy will
> be based on source-ip of the request. Is there a way to do this in
> Squid? I was hoping Squid to use the return value of external helper
> program to enforce authentication.
>
> I do not want to configure this statically in squid.conf as the
> policies keep changing.\
>
> Thanks in Advance,
>
> Kiran
>
I haven't tested it, but I think...
http_access deny is_auth_needed !proxy_auth
http_access allow my_net
...where "is_auth_needed" is an external ACL that returns "OK" for IPs
that require authentication and "ERR" for those that don't and
"proxy_auth" is a standard authentication ACL would do just what you want.
ACLs that comprise http_access rules are "ANDed" together, so if the
first test fails, further ACls are not checked.
Chris
Received on Tue Jan 19 2010 - 21:23:48 MST
This archive was generated by hypermail 2.2.0 : Wed Jan 20 2010 - 12:00:04 MST