I am trying to use ext_session_acl but with no luck.
I have tried to configure the server with a slpash page and accept page
which doesn't seems like it works.
The splash page is at: http://www1.ngtech.co.il/splash.html
and the accept page is at: http://www1.ngtech.co.il/splash_splash.html
Now I am not sure how to set it all up.
I have seen posts in the past and I have tried to reuse the examples but
with no luck.
Maybe I missed something?
(squid.conf attached)
Eliezer
cache_effective_user proxy
strip_query_terms off
debug_options ALL,1 82,9 84,9
external_acl_type session_LOGIN_master concurrency=100 ttl=2 %SRC
/usr/local/squid/libexec/ext_session_acl -T 30 -b /var/squid/session.db -a
acl session_LOGIN external session_LOGIN_master LOGIN
external_acl_type session_ACTIVE_master concurrency=100 ttl=2 %SRC
/usr/local/squid/libexec/ext_session_acl -T 30 -b /var/squid/session.db -a
acl session_is_ACTIVE external session_ACTIVE_master
acl A dstdomain www1.ngtech.co.il
acl B urlpath_regex /splash.html /splash_accept.html
http_access allow A B
acl clicked_login_url url_regex -i http://www1.ngtech.co.il/splash_accept.html
http_access allow clicked_login_url session_LOGIN
http_access deny !session_is_ACTIVE
deny_info http://www1.ngtech.co.il/splash.html session_is_ACTIVE
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow localnet !CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny all
http_port 3128
http_port 13128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=16MB cert=/usr/local/squid/ssl_cert/myCA.pem
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
/usr/local/squid/var/lib/ssl_db -M 16MB
sslcrtd_children 10
ssl_bump server-first all
maximum_object_size 400 MB
cache_dir ufs /usr/local/squid/var/cache/squid 15000 16 256
coredump_dir /usr/local/squid/var/cache/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
url_rewrite_children 4 startup=1 idle=2 concurrency=100
url_rewrite_program /opt/redirect/run1.rb
via off
forwarded_for delete
