On 8/01/2013 3:26 a.m., Grooz, Marc (regio iT) wrote:
Hi,

I've got a question about an external_acl. We use our own external helper
to check if a user is in a particular group and then assign a special
outgoing IP address.

Here is an example:

external_acl_type HELPER ttl=3600 negative_ttl=300 children=10 concurrency=0 cache=0 grace=0 protocol=2.5 %SRC /path/to/helper

acl group1 external HELPER group1
acl group2 external HELPER group2

http_access allow group1
tcp_outgoing_address 1.2.3.4 group1

http_access allow group2
tcp_outgoing_address 1.2.3.5 group2

In the helper protocol I notice that Squid tries to reauthenticate users
that belong to group2 every 10 minutes in group1, even when they are
already allowed in group2. Is there an option that tells Squid to
remember successful authentications?

There is no authentication taking place above. Only authorization for requests to be served by Squid using one of two IPs.

Why not have the helper check which group they are part of and tag the request?

The helper gets passed the IP and both groups and in one lookup returns "OK tag=group1" or "OK tag=group2".

Making the ACLs these:

  acl groups external HELPER group1 group2
  acl group1 tag group1
  acl group2 tag group2

Then you adjust http_access like so:

 http_access allow groups


Amos
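
An added sketch (not from the thread and not Squid's own code) of a helper along the lines of the reply above: it reads the source IP and the group names from the `acl groups external HELPER group1 group2` line and answers with a single tagged result. The `MEMBERSHIP` table, its addresses and the function names are constructed assumptions; a real helper would do its own group lookup there.

```python
#!/usr/bin/env python3
"""External ACL helper sketch: one lookup per request, reply carries a tag."""
import ipaddress
import sys

# Constructed sample data (assumption): source networks mapped to a group.
# A real helper would query its directory or database here instead.
MEMBERSHIP = {
    ipaddress.ip_network("192.0.2.0/24"): "group1",
    ipaddress.ip_network("198.51.100.0/24"): "group2",
}


def decide(line):
    """Return the reply for one request line of the form '<%SRC> <group> ...'."""
    fields = line.split()
    if len(fields) < 2:
        return "ERR"  # malformed request: fail closed
    try:
        src = ipaddress.ip_address(fields[0])
    except ValueError:
        return "ERR"  # %SRC was not an IP address: fail closed
    wanted = fields[1:]  # group names given on the acl line
    for network, group in MEMBERSHIP.items():
        # Only hand out a tag for a group the ACL actually asked about.
        if src in network and group in wanted:
            return "OK tag=" + group
    return "ERR"


def main():
    # concurrency=0: one request per line, no channel ID prefix.
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply, so never buffer


if __name__ == "__main__":
    main()
```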
