[squid-users] R: R: nonce_garbage_interval problem?
Athos Fiolo
afiolo at came.com
Thu Oct 22 14:08:53 UTC 2015
Hi Amos.
> Please check if a helper lookup is being performed on each request as well as new nonce generated.
I guess you are right, but I don't know how to solve it.
cache.log doesn’t show restarts for the heelper, even if only 1/5 helper is started.
The output log of the helper shows no caching of the result (see later).
On the contrary, the external type helper shows the result is cached for 30s (correct).
squid.conf
auth_param digest program /usr/bin/php /etc/squid3/check_user.php
auth_param digest children 5
auth_param digest realm MySquidProxy
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 2 hours
auth_param digest nonce_max_count 50
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm MySquidProxy
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
external_acl_type reqtype_filter ttl=30 children-max=20 %LOGIN %DST %PORT %METHOD %URI %PATH /usr/bin/php /etc/squid3/check_request.php
acl auth_users proxy_auth REQUIRED
acl userx_auth proxy_auth userx
acl auth_reqtype external reqtype_filter
acl to_vpn dst 1.2.3.4/16
[...]
http_access allow userx_auth to_vpn #maybe better post-pone this line to the following one?
http_access allow auth_reqtype auth_users to_vpn
helper log (shows no result caching):
[2015-10-22 13:45:47] OK ha1="214404311caddffbc1c97d2323eeb123": "username":"MySquidProxy"
[2015-10-22 13:45:47] OK ha1="214404311caddffbc1c97d2323eeb123": "username":"MySquidProxy"
[2015-10-22 13:45:53] OK ha1="214404311caddffbc1c97d2323eeb123": "username":"MySquidProxy"
[2015-10-22 13:45:53] OK ha1="214404311caddffbc1c97d2323eeb123": "username":"MySquidProxy"
[2015-10-22 13:45:54] OK ha1="214404311caddffbc1c97d2323eeb123": "username":"MySquidProxy"
[2015-10-22 13:45:54] OK ha1="214404311caddffbc1c97d2323eeb123": "username":"MySquidProxy"
[2015-10-22 13:45:55] OK ha1="214404311caddffbc1c97d2323eeb123": "username":"MySquidProxy"
[2015-10-22 13:45:56] OK ha1="214404311caddffbc1c97d2323eeb123": "username":"MySquidProxy"
External acl type helper log (shows result caching for about 30s):
[2015-10-22 13:46:43] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:47:14] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:47:47] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:48:24] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:48:54] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:49:24] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:49:54] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:50:24] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:50:55] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:51:27] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:51:57] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:52:27] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:53:06] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
[2015-10-22 13:53:37] OK: username 1.2.3.4 80 POST http://1.2.3.4/myurl/ /myurl/
Athos Fiolo
Software Engineer
afiolo at came.com
CAME S.p.A.
More information about the squid-users
mailing list