[squid-users] Trying to implement Portal Splash

From: Jim Moseby <JMoseby_at_elasticfabrics.com>
Date: Fri, 12 Nov 2010 09:21:27 -0500

Using Debian platform with 2.6.STABLE14, and am following the config example found at http://wiki.squid-cache.org/ConfigExamples/Portal/Splash
 
I cannot seem to make this work.
 
The config example says...

Paste the configuration file like this:

# mind the wrap. this is one line:
external_acl_type session ttl=60 %SRC /usr/local/sbin/squid/squid_session -t 7200 -b /etc/squid/session.db

acl new_users external session

deny_info http://example.com/splash.html new_users

http_access deny !new_users

For the Debian package I had to modify the path to squid_session, else squid would not start. No big deal. Correct path for my system was: /usr/lib/squid/squid_session

I also changed the deny_info target to a valid splash page on an accessible server. I made sure that the splash page can be loaded by any client if accessed directly.
 

...the config example then goes on to say...

"This is just the snippet of config which causes the splash page and session to be enacted. Rules which permit the visitor use of the proxy are expected to be placed as appropriate below them. The basic default safety nets should as always be above them."

This seems a bit ambiguous for people who are new to squid (like me). I have tried pasting the block of code in various places in my config file, and it seems no matter where I put it, I get the same result from IE: "The page cannot not displayed, Diagnose Connection Problems".

Squid and AUTH works perfectly otherwise. Ideally, I want a splash page that displays our AUP, and has a form for username and password. Upon entering a valid username and password, acceptance of the AUP id confirmed and access to the proxy is granted.

TIA! Jim

My squid.conf follows:

#----- SQUID 2.6.STABLE14 -----#
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log common
hosts_file /etc/hosts
auth_param basic program /usr/lib/squid/nds_auth
auth_param basic children 5
auth_param basic realm Enter your NOVELL name and password
auth_param basic casesensitive off
auth_param basic blankpassword off
auth_param basic credentialsttl 8 hour
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl auth proxy_auth REQUIRED

#splash
external_acl_type session ttl=60 %SRC /usr/lib/squid/squid_session -t 7200 -b /etc/squid/session.db
acl new_users external session
deny_info http://proxy.efa.lan/aup.php new_users
http_access deny !new_users

http_access allow auth
http_access deny all

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl SSL_ports port 563
acl SSL_ports port 873
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 631
acl Safe_ports port 873
acl Safe_ports port 901
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow all

visible_hostname squid.efa.org
header_access Accept-Encoding deny all
coredump_dir /var/spool/squid
extension_methods REPORT MERGE MKACTIVITY CHECKO
Received on Fri Nov 12 2010 - 14:21:54 MST

This archive was generated by hypermail 2.2.0 : Sat Nov 13 2010 - 12:00:02 MST