[squid-dev] effective acl for tcp_outgoing_address

Eliezer Croitoru ngtech1ltd at gmail.com
Thu Jan 14 11:36:12 UTC 2021

It's more of an users question.

Just to clear it out, the tcp_outgoing_address is a fast acl just when the decision is "required"
You can "pre-cook" the value of a specific note when the connection is only at the first http_access level.
An example for a setup which does probably what you want based on htaccess passwords you can here:

It's a vagrant lab which demonstrate this.

Let me know if it helps you or you need clarification.

Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
Zoom: Coming soon

-----Original Message-----
From: squid-dev <squid-dev-bounces at lists.squid-cache.org> On Behalf Of Hideyuki Kawai
Sent: Thursday, January 14, 2021 2:48 AM
To: squid-dev at lists.squid-cache.org
Subject: [squid-dev] effective acl for tcp_outgoing_address

Hi, this is Kawai.

Please let me send inquiry as followings.

### Requirement ###
1. Kerberos auth with Active Directory	: auth_param ..... 	<- Success
2. "Security group" check which is gotten from AD : external_acl_type ...(using ext_kerberos_ldap_group_acl)   <- success
3. Different outgoing IP based on "Security group" : tcp_outgoing_address + external_acl  <- fail

### Inquiry ###
1. "external_acl" can not use on tcp_outgoing_address. Because the external_acl type is slow.
   My understanding is correct?
2. If yes, how to solve my requirement?

Please let me inform your comment and knowledge.
Thanks in advance.

h.kawai at ntt.com
squid-dev mailing list
squid-dev at lists.squid-cache.org

More information about the squid-dev mailing list