Salutations,
On Sun, Oct 23, 2011 at 2:57 AM, Amos Jeffries wrote:
> It has passed the criteria for acceptance. I just have not yet had time to
> commit. It should be on its way in a few hours.
I'm guessing this is the commit you were talking about, right?
squid-3.2.0.13-20111023-r11381 23 Oct 2011
On Sat, Oct 22, 2011 at 5:08 PM, Andrew Beverley wrote:
> It will actually have the opposite effect. If the ACL is matched then
> your user never actually gets to the ACL that forces the client IP
> address to be "logged in" to the session helper. So, for starters, I
> would remove those rules. However...
Ok, I commented those out.
> I should have said, you also need to add a LOGIN command to the initial
> challenge:
>
> 10 192.168.235.136 LOGIN
>
> then
>
> 10 192.168.235.136
10 192.168.235.136 LOGIN
10 OK message="Welcome"
10 192.168.235.136
10 OK
10 74.125.39.138 ---- google's IP, thought I could experiment.
10 ERR message="Welcome"
>> > I suspect that the actual problem is a sync problem when running
>> > multiple session helpers (they cache the database individually). This
>> > problem is fixed with an upgrade to a newer Berkeley DB version in
>> > version 1.2 of the session helper, currently waiting acceptance into
>> > trunk. In the meantime the patch is available here:
>> >
>> > http://www3.us.squid-cache.org/mail-archive/squid-dev/201110/0116.html
>> >
>> > Andy
>> I'm having trouble applying the patch.
>
> For some reason it doesn't seem to apply from the root source directory.
> Try changing to the helpers/ directory and applying from there (with the
> -p1 switch). It won't patch one of the man pages, but I'm sure you can
> live without that.
I managed to apply the patch but didn't get anywhere, so I also
compiled squid-3.2.0.13-20111023-r11381 which seems to me (based on
the date of commit) to be containing the patch.
sbin/squid -v
Squid Cache: Version 3.2.0.13-20111023-r11381
Currently, the squid.conf looks like this:
external_acl_type session_LOGIN_master concurrency=100 ttl=2 %SRC
/usr/local/squid/libexec/ext_session_acl -T 30 -b
/usr/local/squid//lib/session.db -a
acl session_LOGIN external session_LOGIN_master LOGIN
external_acl_type session_ACTIVE_master concurrency=100 ttl=2 %SRC
/usr/local/squid/libexec/ext_session_acl -T 30 -b
/usr/local/squid/lib/session.db -a
acl session_is_ACTIVE external session_ACTIVE_master
acl clicked_login_url url_regex -i http://192.168.235.136/check.html
http_access allow clicked_login_url session_LOGIN
http_access deny !session_is_ACTIVE
deny_info http://192.168.235.136/splash.html session_is_ACTIVE
The behavior I get, and which I can always reproduce, is the following:
* start squid
** GET http://192.168.235.136/check.html
*** browse happily for 30 seconds.
**** Unable to GET any other page after 30seconds, even if accessing
http://192.168.235.136/check.html
& log:
TCP_MEM_HIT/200 372 GET http://192.168.235.136/check.html -
HIER_NONE/- text/html
TCP_DENIED/302 355 GET http://www.google.co.uk/
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
TCP_DENIED/302 355 GET http://192.168.235.136/splash.html
(and so on for another 100+ requests)
TCP_MEM_HIT/200 392 GET http://192.168.235.136/splash.html
BTW, how can I found out what version is the session helper?
Cheers.
Received on Mon Oct 24 2011 - 01:01:49 MDT
This archive was generated by hypermail 2.2.0 : Mon Oct 24 2011 - 12:00:03 MDT