I would be very pleased about a hint that solves our following problem. It seems simple but I could not yet find a squid configuration that works.
We have a list of about 12,000 hostnames. Users should be forced to authenticate if they request a URL from one of these hosts. Any other host on the Internet not contained in the list should be accessible without authentication.
We have tried the following configuration using two squid proxies:
- Proxy A (located in the computing center) should be the proxy which is publicly available to our user community. Users should configure their browsers to use this proxy.
Proxy A should test if a requested hostname is contained in our list mentioned above. If not contained, proxy A should forward the request directly to the host in question.
If contained in the list, proxy A should forward the request to proxy B as a peer.
- Proxy B (located in the library) has an authentication scheme using squidguard. I should mention that, from the performance point of view, proxy B is unable to route all the traffic of our community. It can only handle requests to hosts contained in our list.
Proxy B works very well. Proxy A causes problems.
Up to now we have tested two different configurations of proxy A. None of these works. Our first try was:

    external_acl_type restricted-area %DST \
        /usr/local/squid/bin/check-if-restricted
    acl our-community src xxx.yyy.0.0/255.255.0.0
    acl restrictedacl external restricted-area
    http_access allow our-community
    http_access deny all
    cache_peer_access proxy-b.our-domain.de allow restrictedacl

The problem with this is that the program check-if-restricted, which checks if the host is contained in our list, is never called, neither for hosts in our list nor for other hosts.
Our second try was to use squidguard also for proxy A. Here, the acl control rules from squidguard cannot be reused within squid (as far as I know).
Can someone of you give me a hint?
Thanks from Frankfurt, Eberhard
--
Dr. Eberhard Pietzsch
Stadt- und Universitätsbibliothek Frankfurt a.M.
Elektronische Dienste
Bockenheimer Landstr. 134-138
D - 60325 Frankfurt am Main
Tel.: (+49) 69 212 44 505
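
The helper side of the external_acl_type line in the message above, as an added example that is not part of the original post and not the poster's program: Squid writes one request line per lookup carrying the %DST value and reads back OK (match) or ERR (no match). The list format, the list-file argument, the sample hostnames and the fail-closed reply are assumptions, and no concurrency channel ID is expected on the request line.

```python
#!/usr/bin/env python3
"""Added example: a helper in the role of check-if-restricted (not the poster's program)."""
import sys


def normalize(host):
    """Canonical form for lookups: lower case, no trailing dot."""
    return host.strip().lower().rstrip(".")


def load_hosts(lines):
    """Build the lookup set, skipping blank lines and '#' comments (assumed format)."""
    hosts = set()
    for line in lines:
        name = normalize(line.split("#", 1)[0])
        if name:
            hosts.add(name)
    return hosts


def answer(request_line, restricted):
    """Reply for one request line whose first field is the %DST value."""
    fields = request_line.split()
    if not fields:
        return "OK"  # assumption: fail closed, an unreadable request goes to proxy B
    return "OK" if normalize(fields[0]) in restricted else "ERR"


def serve(restricted, stdin=sys.stdin, stdout=sys.stdout):
    """Answer every request line until EOF, flushing so Squid never waits on a buffer."""
    for line in stdin:
        stdout.write(answer(line, restricted) + "\n")
        stdout.flush()


# Constructed sample data, used when no list file is given on the command line.
SAMPLE_LIST = ["journals.example.org", "DB.Example.NET.  # licensed", "", "# comment"]
SAMPLE_REQUESTS = ["journals.example.org", "Db.example.net.", "www.example.com"]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # hypothetical usage: check-if-restricted /path/to/list
        with open(sys.argv[1]) as fh:
            serve(load_hosts(fh))
    else:
        hosts = load_hosts(SAMPLE_LIST)
        for req in SAMPLE_REQUESTS:
            print(req, "->", answer(req, hosts))
```

A set lookup keeps each answer constant-time for a list of about 12,000 names, and the flush after every reply matters because Squid waits for the helper's line before continuing the ACL check.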
