Re: [squid-users] Dynamic ACL with local auth
for dynamic assignment you could could use domian based ACLs they are slow match however you could make a list to do this with From: squid-users on behalf of Albert Shih Sent: Wednesday, May 8, 2024 00:55 To: ngtech1...@gmail.com Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Dynamic ACL with local auth Le 06/05/2024 à 12:21:10+0300, ngtech1...@gmail.com a écrit Hi, > > The right way to do it is to use an external acl helper that will use some > kind of database for the settings. Ok. I will check that. > The other option is to use a reloadable ACLs file. But those this reload need a restart of the service ? > But you need to clarify exactly the goal if you want more then a basic advise. Well..pretty simple task I need to build a squid server to allow/deny people access to some data (website) because those website don't support authentication. But the rule of access “allow/deny” are manage in other place through another application. So the goal is to have some «thing» who going to retrieve the «permissions» of the user and apply the ACL on squid. It's not «ultra dynamic» the modification of the permissions will occur time to time. So even a reload will do.if the reload don't need a shutdown of squid. Thanks. Regards -- Albert SHIH 🦫 🐸 France Heure locale/Local time: mer. 08 mai 2024 09:51:00 CEST ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Dynamic ACL with local auth
On 8/05/24 19:55, Albert Shih wrote: Le 06/05/2024 à 12:21:10+0300, ngtech1ltda écrit Hi, The right way to do it is to use an external acl helper that will use some kind of database for the settings. Ok. I will check that. The other option is to use a reloadable ACLs file. But those this reload need a restart of the service ? But you need to clarify exactly the goal if you want more then a basic advise. Well..pretty simple task Ah, this is about equivalent to "just create life" level of simplicity. I expect that what you need is doable, but not in the way you are describing so far. (p-PS. If you can mention how much experience you have working with Squid configuration it will help us know how much detail we can skip over when offering options.) I need to build a squid server to allow/deny people access to some data (website) because those website don't support authentication. So Squid needs to authenticate. Is that every request or on a per-resource (URL) basis? A) needs only simple auth setup or B) needs auth setup, with ACL(s) defining when to authenticate But the rule of access “allow/deny” are manage in other place through another application. What criteria/details is this other application checking? Can any of its decision logic be codified as a sequence of Squid ACL types checked in some specific order? How are you expecting Squid to communicate with it? So the goal is to have some «thing» who going to retrieve the «permissions» of the user and apply the ACL on squid. Please explain/clarify what **exactly** a "permission" is in your design? Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Dynamic ACL with local auth
Hey Albert, It's preferable to use an external ACL compared to reloading the squid conf in general. It will probably require to use external acl helper with the authenticated username as a detail which is being sent to the helper. Let's take an example.org squid.conf for the "project". On what ports squid listens? 80 and 443? It's a reverse proxy or a forward proxy which is defined in the client browser? An "auto" reload of squid can be done using couple of systemd triggers. If it's enough for you I can try to research how it can be done and we will go on from there. If you wish to choose the "dark" path of external_acl helper development I will also be happy to try and assist you in my spare time (which is not a lot these days). Eliezer -Original Message- From: Albert Shih Sent: Wednesday, May 8, 2024 10:55 AM To: ngtech1...@gmail.com Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Dynamic ACL with local auth Le 06/05/2024 à 12:21:10+0300, ngtech1...@gmail.com a écrit Hi, > > The right way to do it is to use an external acl helper that will use some > kind of database for the settings. Ok. I will check that. > The other option is to use a reloadable ACLs file. But those this reload need a restart of the service ? > But you need to clarify exactly the goal if you want more then a basic advise. Well..pretty simple task I need to build a squid server to allow/deny people access to some data (website) because those website don't support authentication. But the rule of access “allow/deny” are manage in other place through another application. So the goal is to have some «thing» who going to retrieve the «permissions» of the user and apply the ACL on squid. It's not «ultra dynamic» the modification of the permissions will occur time to time. So even a reload will do.if the reload don't need a shutdown of squid. Thanks. Regards -- Albert SHIH 🦫 🐸 France Heure locale/Local time: mer. 08 mai 2024 09:51:00 CEST ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Dynamic ACL with local auth
Le 06/05/2024 à 12:21:10+0300, ngtech1...@gmail.com a écrit Hi, > > The right way to do it is to use an external acl helper that will use some > kind of database for the settings. Ok. I will check that. > The other option is to use a reloadable ACLs file. But those this reload need a restart of the service ? > But you need to clarify exactly the goal if you want more then a basic advise. Well..pretty simple task I need to build a squid server to allow/deny people access to some data (website) because those website don't support authentication. But the rule of access “allow/deny” are manage in other place through another application. So the goal is to have some «thing» who going to retrieve the «permissions» of the user and apply the ACL on squid. It's not «ultra dynamic» the modification of the permissions will occur time to time. So even a reload will do.if the reload don't need a shutdown of squid. Thanks. Regards -- Albert SHIH 🦫 🐸 France Heure locale/Local time: mer. 08 mai 2024 09:51:00 CEST ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Dynamic ACL with local auth
Hey Albert, The right way to do it is to use an external acl helper that will use some kind of database for the settings. The other option is to use a reloadable ACLs file. But you need to clarify exactly the goal if you want more then a basic advise. Eliezer -Original Message- From: squid-users On Behalf Of Albert Shih Sent: Monday, May 6, 2024 11:49 AM To: squid-users@lists.squid-cache.org Subject: [squid-users] Dynamic ACL with local auth Hi everyone, I like to know how (if it's possible) to create acl dynamically. What I try to do is to have peoples authenticated (user1, user2, user3, etc.) then for each user I like to create a set of acl. The problem is I cannot have the set of acl once for all, it's dynamically change in time. I can put the set of acl in anything, like static file, mysql db, etc... Performance is not a issue (no lot of users) but I really would like not to have restart squid each time the acl static file change. The authentication would be through htpasswd. What would be the best way to do it ? Regards. -- Albert SHIH 🦫 🐸 France Heure locale/Local time: lun. 06 mai 2024 10:44:28 CEST ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
[squid-users] Dynamic ACL with local auth
Hi everyone, I like to know how (if it's possible) to create acl dynamically. What I try to do is to have peoples authenticated (user1, user2, user3, etc.) then for each user I like to create a set of acl. The problem is I cannot have the set of acl once for all, it's dynamically change in time. I can put the set of acl in anything, like static file, mysql db, etc... Performance is not a issue (no lot of users) but I really would like not to have restart squid each time the acl static file change. The authentication would be through htpasswd. What would be the best way to do it ? Regards. -- Albert SHIH 🦫 🐸 France Heure locale/Local time: lun. 06 mai 2024 10:44:28 CEST ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users