On 01/12/18 5:24 pm, Amos Jeffries wrote:
On 2/12/18 12:15 am, Amish wrote:
Thank you for your quick response.
So if I pass %ul to external_acl_type, but dont use any auth_param,
squid dies with an error.
"Can't use proxy auth because no authentication schemes are fully
configured"
Is it possible for squid to not to die but instead warn and then just
pass "-" (dash) for %ul?
The %ul code will generate an auth challenge exchange if no username is
available. So the auth system must be setup with parameters to use in
that challenge.
Use %un for when username is optional.
With %un I have a problem.
I have referenced to external acl twice in my squid.conf.
Simplified setup:
external_acl_type ipuser queue-size=40 ttl=120 children-max=1
children-startup=1 concurrency=20 %>a %un /usr/lib/squid/ip_to_user
acl proxyuser external ipuser
http_access allow proxyuser restrictedports
http_access allow proxyuser restrictedsites
where some ports and some sites are allowed only for some users.
so when I try %un (with no auth param set), external acl helper gets
request two times.
First time with "-" and then again with username that external acl
helper itself replied with.
Squid sends: 1 127.0.0.1 - -
Helper reply: 1 OK user=local
Squid sends: 2 127.0.0.1 local -
(Dash at end is due to automatic addition of %DATA macro by squid)
1 was triggered by first http_access line and
2 was triggered by second http_access because %un is either %ul or %ue
(which is now known due to 1)
In my case, it becomes completely unnecessary and an additional processing.
That is why I was thinking of additional macro %uL (capital L)
Regards,
Amish.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
