[squid-users] issue with tcp_outgoing_address and external acl

Amos Jeffries squid3 at treenet.co.nz
Fri Mar 6 00:39:41 UTC 2015

On 6/03/2015 10:35 a.m., Alberto Perez wrote:
> Thanks Amos  for the link, I understand tcp_outgoing_address only
> works with fast acl and external acls are slow.
> In order to mitigate this fact and achieve my purpose of share traffic
> among two links depending only of username, who can recommend me a
> workaround?

In the current (3.4+) Squid you can use the note ACL to check user=
exists. It is a fast ACL check and does not do anything to trigger auth
when its absent. It will match usernames added by non-auth helpers as well.

To specifically limit it to HTTP authenticated users you can also check
the raw HTTP "Proxy-Authentication" header contents with req_header ACL


> I was working in mantaining of IPs for those users special, once the
> user login or logout from captive portal I update the list if IPs to
> be used as SRC acl combined with tcp_outgoing_address and worked like
> a charm except for the fact that squid only notice this change if I
> reload configuration, which is a heavy reason to consider another
> solutions.
> It is possible to setup a ttl for this SRC acl, how can I make squid
> note the change in this list without reloading configuration.

SRC is the client IP the request message was received from. Its part of
the mesage, there is nothing stored to have a TTL.


More information about the squid-users mailing list