[squid-users] Splash page issues

Darren B. "darrenjbreeze" at netvigator.com
Sat Jan 31 01:00:40 UTC 2015


Hi

I am trying to set up a router that is inline between the clients and 
the internet.

Everything is working as far as proxy operations, however i am now 
trying to set up a splash page that new clients are shown when they 
first connect.

The splash page is served off a copy of nginx running on the proxy server.

local.<domainname>.com is set up in hosts and the dns the clients use to 
point to the correct IP

I seem to be tangled up in ACL ordering. Whilst the redirect to the 
splash page works fine, the session db is not getting written to so the 
client never gets past the splash page.

Any guidance on this would be greatly appreciated.

thanks in advance

Darren B.

the relevant bits of the config are as follows.

----------------------------------------------------

acl localnet1 src 172.25.101.0/24       # RFC1918 possible internal network
acl localnet2 src 172.25.102.0/24       # RFC1918 possible internal network
acl localnet3 src 172.25.103.0/24       # RFC1918 possible internal network

acl localserver dstdomain local.<domainname>.com

http_access allow localhost
http_access allow localserver

#splash page

external_acl_type splash_page concurrency=100 ttl=60 %SRC 
/usr/lib/squid3/ext_session_acl -a -T 10800 -b 
/mnt/data/squid/session/session.db
acl existing_users external splash_page
http_access deny !existing_users
deny_info http://local.<domainname>.com?usr=%s existing_users

http_access allow localnet1
http_access allow localnet2
http_access allow localnet3

http_access deny !Safe_ports

-----------------------------------------------------------

my build of squid is

Squid Cache: Version 3.3.8
Ubuntu
configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' 
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man' 
'--infodir=${prefix}/share/info' '--sysconfdir=/etc' 
'--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' 
'--disable-maintainer-mode' '--disable-dependency-tracking' 
'--disable-silent-rules' '--datadir=/usr/share/squid3' 
'--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--enable-inline' 
'--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' 
'--enable-removal-policies=lru,heap' '--enable-delay-pools' 
'--enable-cache-digests' '--enable-underscores' '--enable-icap-client' 
'--enable-follow-x-forwarded-for' 
'--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' 
'--enable-auth-digest=file,LDAP' 
'--enable-auth-negotiate=kerberos,wrapper' 
'--enable-auth-ntlm=fake,smb_lm' 
'--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group' 
'--enable-url-rewrite-helpers=fake' '--enable-ssl' '--enable-ssl-crtd' 
'--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' 
'--enable-ecap' '--disable-translation' 
'--with-swapdir=/var/spool/squid3' '--with-logdir=/var/log/squid3' 
'--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' 
'--with-large-files' '--with-default-user=proxy' 
'--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 
-fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat 
-Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE 
-pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 
'CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 
-Wformat -Werror=format-security'








More information about the squid-users mailing list