On Fri, 13 Jan 2006, Adolfo Mussi wrote:
> I want to make squid ask for authentication only for certain content-types of the http response. For all other content-types I don't want the browser to raise the authentication popup window.
Authentication has to take place before the request is forwarded, and the content type of the response is not yet known then...
The closest you can get in an efficient manner is by guessing based on URL/file extensions etc.
> The solution I have in mind is to make an external acl helper that retrieves only the http header of the url and scans it for content-type. To do so I'll have to patch squid to implement the %PATH external_acl_type format parameter (backporting some code from actual devel-branch to my squid version 2.5-stable3 on Red Hat Enterprise 3 U3). I know this is a communication overhead, but I can't figure out a better solution.
> Does anybody have a better solution?
The %PATH and a number of other interesting external acl extensions can be found in the "cerberian" patch for 2.5.
You could in theory also do the authentication in http_reply_access, dropping the already received reply if authentication is required. This should give less overhead than the above external acl approach.
http_reply_access is not so kind to authentication today, but if you are willing to dig into the code a bit it should not be too hard to get that running.
Regards Henrik
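
The URL/file-extension guess suggested in the reply above can be written as a squid.conf fragment. This is an added example, not configuration from the original thread: the ACL names and the extension list are assumptions, and an `auth_param` scheme is assumed to be configured already.

```conf
# Added example (not from the original thread).
# Assumptions: ACL names "auth_guess" and "authed_user" and the extension
# list are illustrative; an auth_param scheme is already configured and
# the stock "all" acl from the default squid.conf is present.

# Guess the response type from the request URL path. The optional
# (\?.*)? group keeps a trailing query string from defeating the match.
acl auth_guess urlpath_regex -i \.(pdf|zip|exe|iso)(\?.*)?$

# Evaluating a proxy_auth acl without credentials is what makes squid
# send the 407 challenge, so it must only be reached for guessed URLs.
acl authed_user proxy_auth REQUIRED

# Rule order matters: requests that do not match the guess are allowed
# before any proxy_auth acl is evaluated, so no popup is raised for them.
http_access allow !auth_guess

# Requests that match the guess must present valid credentials.
http_access allow auth_guess authed_user

http_access deny all

# Caveat: this matches the URL, not the Content-Type of the response.
# A protected type served from a URL without one of these extensions is
# not challenged, so treat this as a convenience filter rather than an
# access-control boundary for the content type itself.
```

In an existing configuration these `http_access` lines have to be merged with the rules already in place, since squid stops at the first matching line.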