Re: [squid-users] Fwd: how to use squid external_acl_type to enforce policy based authentication

From: kiran kumar <cnvkiran_at_gmail.com>
Date: Tue, 19 Jan 2010 17:42:07 -0800

Fantastic. This worked for me. thanks Chris and Amos for the replies.
--Kiran
On Tue, Jan 19, 2010 at 1:23 PM, Chris Robertson <crobertson_at_gci.net> wrote:
> kiran kumar wrote:
>>
>> Dear All,
>>
>> I'm trying to use "external_acl_type" with squid3-stable-19 to enforce
>> user Authentication. I don't want to authenticate every request but
>> have Squid talk to my policy framework before deciding either to
>> authenticate or skip authentication for the request. The policy will
>> be based on source-ip of the request. Is there a way to do this in
>> Squid? I was hoping Squid to use the return value of external helper
>> program to enforce authentication.
>>
>> I do not want to configure this statically in squid.conf as the
>> policies keep changing.\
>>
>> Thanks in Advance,
>>
>> Kiran
>>
>
> I haven't tested it, but I think...
>
> http_access deny is_auth_needed !proxy_auth
> http_access allow my_net
>
> ...where "is_auth_needed" is an external ACL that returns "OK" for IPs that
> require authentication and "ERR" for those that don't and "proxy_auth" is a
> standard authentication ACL would do just what you want.
>
> ACLs that comprise http_access rules are "ANDed" together, so if the first
> test fails, further ACls are not checked.
>
> Chris
>
>
Received on Wed Jan 20 2010 - 01:42:14 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 20 2010 - 12:00:04 MST