Re: [squid-users] Disconnecting client per username?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 25 Apr 2013 22:06:41 +1200

On 25/04/2013 7:12 p.m., Wojciech Kubiak wrote:
> On 2013-04-23 13:34, Amos Jeffries wrote:
>> On 23/04/2013 9:44 p.m., Wojciech Kubiak wrote:
>>> Hi
>>>
>>> Is there any possibility to disconnect/kick/force reconnect a given
>>> squid user's session by his user name, other than simply restarting
>>> squid?
>>>
>>> I can't use the client's IP address to do this, because the
>>> connection between the client and the proxy server is running
>>> through an SSH tunnel.
>>
>> The only way to kick an existing connection is to identify the
>> IP:port and use TCP control tools to force the connection to die.
>>
>> The cachemanager system has access to a list of active client
>> connections. So it should be relatively easy to add a manager action
>> that locates and kills a client connectivity.
>> Patches to implement this addition to cachemgr are welcome in squid-dev.
>>
>> Amos
>
> Thanks for your reply Amos.
>
> I wrote in my original message that I can't use IP:port for kicking
> because all clients connect to the proxy via an SSH tunnel. Because of
> this, all clients appear as coming from localhost in the logs and
> cachemanager.
>
> Or am I misinterpreting something?

Sort of. The cachemgr "active_clients" report gives a lot of details
about the client. You can scan it for clients with the username you are
searching for, and find from that the particular IP:port you will need
to do TCP level things to that connection. The IP may all be localhost,
but each client connection should have a different port number.

Amos
Received on Thu Apr 25 2013 - 10:06:57 MDT
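
An added example, not part of the original thread: a parser that performs the lookup described in the reply above, returning the remote IP:port of every active connection that carries a given username. The report layout (`Connection:` blocks with `remote:` and `username` lines), the function names and the sample text are assumptions constructed for illustration; check them against your Squid version's cache manager output.

```python
# Constructed sample report (not captured from a real proxy). Assumed layout:
# one "Connection:" block per active request, with a "remote:" line and,
# for authenticated requests only, a "username" line.
SAMPLE_REPORT = """\
Connection: 0x1001
\tremote: 127.0.0.1:51514
\tlocal: 127.0.0.1:3128
username alice
Connection: 0x1002
\tremote: 127.0.0.1:51516
username alice2
Connection: 0x1001
\tremote: 127.0.0.1:51514
username alice
Connection: 0x1003
\tremote: [::1]:51520
username alice
Connection: 0x1004
\tremote: 127.0.0.1:51522
uri http://example.com/unauthenticated
"""


def parse_endpoint(value):
    """Split 'ip:port' or '[v6]:port' into (ip, port)."""
    host, _, port = value.strip().rpartition(":")
    return host.strip("[]"), int(port)


def endpoints_for_user(report, username):
    """Return unique remote (ip, port) pairs whose request carries this username."""
    found, remote = [], None
    for raw in report.splitlines():
        key, _, value = raw.strip().partition(" ")
        if key == "Connection:":
            remote = None  # new record: forget the previous endpoint
        elif key == "remote:":
            remote = parse_endpoint(value)
        elif key == "username" and value.strip() == username:
            # Exact match, so "alice" does not also select "alice2".
            if remote and remote not in found:
                found.append(remote)
    return found


if __name__ == "__main__":
    for ip, port in endpoints_for_user(SAMPLE_REPORT, "alice"):
        print(f"{ip} port {port}")
```

Every client behind the SSH tunnel shares the loopback address, so the source port in each returned pair is the only value that distinguishes one user's connection from another's.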
