On 6/05/2012 10:55 a.m., Amos Jeffries wrote:
On 6/05/2012 8:09 a.m., E.S. Rosenberg wrote:
2012/5/3 Eliezer Croitoru<elie...@ngtech.co.il>:
On 02/05/2012 14:53, E.S. Rosenberg wrote:
2012/5/2 E.S. Rosenberg<e...@g.jct.ac.il>:
Hi,
I just thought I'd share the script I have for the squid side, maybe
someone finds it useful.
I wrote in PHP because I wanted to use prepared statements and am most
familiar with PDO.

Now my logs have usernames but squid does not allow me to make
proxy_auth acls since I have no auth mechanism configured (this
particular squid instance is a museum piece - 2.6, soon to be
replaced), if this issue also exists in squid 3.1 then how would I
control users based on a username returned through an external ACL?

Thanks,
Eli
I stuck the script on my server, that makes an easier read than from
inside a mail:
http://kotk.nl/verifyIP.phps

Hope that helps,
Eli

I saw your external_acl app and it seems very nice.
I wrote another one in Ruby that seems almost like that (a mimic for
practice).
And I was wondering about how do you plan to implement the proxy_auth acls?
using AD? some other DB?
I am not sure I follow, do you mean how I intend to manage my lists of
usernames?
In that case I am pushing for the use of LDAP properties, then a
script will run every X time, determine whether or not the LDAP
database was changed since the last update (based on change
timestamps) and generate lists of usernames.
Currently we don't have a good way of managing this, I have some
scripts that work based on the location of a user in our organization
but that is not always correct.
You mentioned something about the network infrastructure\CISCO if I remember
right.
Yes, the link of IP->username is generated based on the radius logs of
the server that provides authentication for the wireless.

However as said squid tells me that since I have no auth-mechanism
fully setup I can't use proxy_auth lists so I wonder how can I use the
username I provided in the external acl in the rest of squid?

It is just a label to Squid. Authentication happened outside with no internal state other than the external_acl_type format key to link it to anything. It can be used in logging with %eo log tag, or passed to other proxies as HTTP auth login with cache_peer login= option.

Oops sorry %ue tag, not %eo.

Amos
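
An added example, not the verifyIP.phps script and not code from anyone in this thread: a minimal Python sketch of an external ACL helper of the kind discussed, looking up the client IP with a parameterized query and answering `OK user=<name>` or `ERR`. Assumptions: the helper is configured with `%SRC` as its format, and the table `ip_user`, its columns, the `max_age` freshness window and the allowed username alphabet are all hypothetical; the sample rows are constructed.

```python
import ipaddress
import re
import sqlite3
import sys
import time

# Usernames come from RADIUS logs, so treat them as untrusted: whitespace or
# "=" in a name could smuggle extra key=value pairs into the reply line.
SAFE_USER = re.compile(r"[A-Za-z0-9._@-]{1,64}")

def open_sample_db(now):
    """Constructed in-memory table standing in for the RADIUS-derived mapping."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ip_user (ip TEXT PRIMARY KEY, username TEXT, seen INTEGER)")
    db.executemany("INSERT INTO ip_user VALUES (?, ?, ?)", [
        ("10.0.0.5", "alice", now - 60),
        ("10.0.0.6", "bob user=admin", now - 60),  # hostile value from a log
        ("10.0.0.7", "carol", now - 3600),         # stale mapping
    ])
    return db

def answer(db, line, now, max_age=600):
    """Return the helper reply for one request line (first token is %SRC)."""
    fields = line.split()
    if not fields:
        return "ERR"
    try:
        ip = str(ipaddress.ip_address(fields[0]))
    except ValueError:
        return "ERR"
    row = db.execute(
        "SELECT username FROM ip_user WHERE ip = ? AND seen >= ?",
        (ip, now - max_age),
    ).fetchone()
    # Fail closed on unknown IPs, stale mappings and unsafe usernames.
    if row is None or not SAFE_USER.fullmatch(row[0]):
        return "ERR"
    return "OK user=" + row[0]

def main():
    now = int(time.time())
    db = open_sample_db(now)
    for line in sys.stdin:
        # One reply line per request line, flushed so Squid is not left waiting.
        sys.stdout.write(answer(db, line, int(time.time())) + "\n")
        sys.stdout.flush()

if __name__ == "__main__":
    main()
```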
