tis 2006-06-13 klockan 15:24 -0400 skrev Jean-Francois Levesque: > The first redirector is our home made redirector. This redirector check > into a memcache (http://www.danga.com/memcached/) server if a user is > authenticated. If not, the user is redirected to a portal page which can > authenticate or identify a user from many modules (ident, ntlm, basic > auth, cookie, etc.).
I assume user == client IP in this. I would move this into an external acl with negative_ttl=0, and do the redirection to the login page via deny_info. Apart from having the opportunity to perform significantly better thanks to the possibility of caching the lookup, it also makes the log quite sane. Using the redirector interface for access controls works sort of, but not at all what it's meant to be doing. Access controls is meant to be done via ACLs and external acls brings the same capabilities (and a lot more) as redirectors. You should even be able to write a thin skin on top of squidguard (or trivially modify it) to have it called as an external acl if you like, if you for some reason feel the squidguard ruleset is better than the Squid acls. Regards Henrik
signature.asc
Description: Detta är en digitalt signerad meddelandedel
