Re: [squid-users] %login in ACL without autentication configured

From: Luis Enrique Sanchez Arce <lesanchez_at_uci.cu>
Date: Thu, 24 Nov 2011 08:14:57 -0500 (CST)

Hi Amos and thanks for your response,

I have a database of users that can be both IP users (192.168.1.0/24) and standard users (juan manuel, owners, etc).
Besides, I have for those users a set of rules that regulate their navigation.

The following configuration for redir_program works ok for me.

---------------------------------------------------------------------------
auth_param basic program myauthdb
auth_param basic children 10
auth_param basic realm Test
auth_param basic credentialsttl 2 hours
acl pass proxy_auth REQUIRED

external_acl_type notauth children=10 ttl=0 %SRC notauth
acl bypass_auth external notauth

redirect_program redirector.pl
redirect_rewrites_host_header on
redirect_children 70

acl Restrictivo src 10.0.0.0/8

http_access allow bypass_auth
http_access allow Restrictivo pass
-----------------------------------------------------------------------------

The program notauth takes the parameter %SRC internally and verifies whether the user's IP exists in the system. If it does,
it returns OK and authentication is ignored. In that case the redirect_program receives the authenticated user "-" and internally
takes the IP as the user.

What I want to do is the same, but with an external acl. The following configuration doesn't work for me.

-----------------------------------------------------------------------------
auth_param basic program myauthdb
auth_param basic children 10
auth_param basic realm Test
auth_param basic credentialsttl 2 hours
acl pass proxy_auth REQUIRED

external_acl_type notauth children=10 ttl=0 %SRC notauth
acl bypass_auth external notauth

external_acl_type redirprogram children=30 concurrency=10 ttl=300 %URI %SRC %LOGIN %METHOD redirector.pl
acl redir external redirprogram

http_access allow bypass_auth redir
http_access allow pass redir
http_access allow redir

# And finally deny all other access to this proxy
http_access deny all
deny_info ERR_FILTER_DENIED redir all
-----------------------------------------------------------------------------

I added to the acl notauth the return OK user=IP; the idea is that the acl redir assumes %LOGIN is the IP. It doesn't work for me.

The operation is required to be with an external acl to write in the log with the label %ea.
The acl redirect_program does not support sending something to the log.

I hope you understand what I want to do. Is there a way to do it?

Sorry for the inconvenience and for my English.

----- Original Message -----
From: "Amos Jeffries" <squid3_at_treenet.co.nz>
To: squid-users_at_squid-cache.org
Sent: Tuesday, November 22, 2011 2:56:39 PM
Subject: Re: [squid-users] %login in ACL without autentication configured

On 23/11/2011 3:04 a.m., Luis Enrique Sanchez Arce wrote:
> I am trying to configure an external acl without authentication configured
>
> external_acl_type redirprogram children=30 concurrency=10 ttl=300 %URI %SRC %LOGIN %METHOD redir
>
> If I use the acl redir_program and authentication is not configured, the logged user is "-"
>
> How can I do that with an external acl? I need to use an external acl to modify the log entry with the %ea variable.
>
> Best regards,
> Luis
>

%LOGIN is for passing the authentication helper credentials to the
external ACL helper. Doing a full login if needed.

For external ACL to produce credentials it needs to do whatever to
locate them in the background and pass the username back to Squid like so:

     OK user=username
or
     ERR user=username
Amos

End the injustice, FREEDOM NOW FOR OUR FIVE COMPATRIOTS WHO ARE UNJUSTLY HELD IN US PRISONS!
http://www.antiterroristas.cu
http://justiciaparaloscinco.wordpress.com

Received on Thu Nov 24 2011 - 13:15:17 MST
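
The `OK user=username` reply format quoted above, as an added example that is not part of the original thread and is not either poster's actual helper: a minimal Python external ACL helper in the role of `notauth`, receiving `%SRC` and answering `OK user=<ip>` for hosts in a known range. The name `IP_USER_NETWORKS` and the use of 192.168.1.0/24 as lookup data are assumptions; the example also goes slightly beyond the posted config by accepting the numeric channel ID that Squid prepends when `concurrency=` is set.

```python
#!/usr/bin/env python3
"""Squid external ACL helper sketch: map a known client IP to a username."""
import ipaddress
import sys

# Constructed sample data: networks whose hosts are treated as "IP users".
# 192.168.1.0/24 is the range mentioned in the post; a real helper would
# query the user database instead (assumption).
IP_USER_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]


def answer(line):
    """Return the helper reply for one request line from Squid.

    Input is "%SRC" or, when concurrency= is set on the
    external_acl_type line, "<channel-id> %SRC".
    """
    tokens = line.split()
    prefix = ""
    # With concurrency, Squid prefixes a numeric channel ID that must be echoed.
    if len(tokens) == 2 and tokens[0].isdigit():
        prefix = tokens[0] + " "
        tokens = tokens[1:]
    if len(tokens) != 1:
        return prefix + "ERR"  # unexpected field count: fail closed
    try:
        src = ipaddress.ip_address(tokens[0])
    except ValueError:
        return prefix + "ERR"  # malformed address never matches
    if any(src in net for net in IP_USER_NETWORKS):
        # The source IP is handed back to Squid as the username.
        return f"{prefix}OK user={src}"
    return prefix + "ERR"


def main():
    for line in sys.stdin:
        sys.stdout.write(answer(line) + "\n")
        sys.stdout.flush()  # Squid blocks on each reply, so never buffer


if __name__ == "__main__":
    main()
```

Because the username here is derived only from the source address, any host that can use an address in the listed range is treated as that user.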

This archive was generated by hypermail 2.2.0 : Fri Nov 25 2011 - 12:00:02 MST