[squid-users] Question about: ext_session_acl Splash/Portal solution.

Klaus Tachtler klaus at tachtler.net
Tue Oct 17 04:57:06 UTC 2017 

Hi Amos,

first of all, thank you for help and advise, BUT I have still a  
problem - see my latest try:

--- code ---

# Set up the session helper in active mode. Mind the wrap - this is  
one line: - MODIFIED -
external_acl_type session concurrency=100 ttl=3 negative_ttl=0  
children-max=1 %SRC /usr/lib64/squid/ext_session_acl -a -T 60 -b  
/var/lib/squid/sessions/

# Pass the LOGIN command to the session helper with this ACL
acl session_login external session LOGIN

# Normal session ACL as per simple example
acl session_is_active external session

# ACL to match URL - MODIFIED -
acl clicked_login_url url_regex -i http://my.page.net/html/accept.php

# First check for the login URL. If present, login session
http_access allow clicked_login_url session_login

# If we get here, URL not present, so renew session or deny request.
http_access deny !session_is_active

# Deny page to display - MODIFIED -
deny_info 511:splash.php session_is_active

--- code ---

1.) I changed in the external_acl_type from: %LOGIN to: %SRC - after  
that NO authentication request against LDAP was done! - If I go back  
to %LOGIN a authentication request against LDAP comes as popup back!

2.) Disabled redirect insie the page -  
http://my.page.net/html/accept.php - so loading the page are done with  
200 and NO redirect inside - only the  
http://my.page.net/html/accept.php was displayed.

3.) deny_info uses now 511 and a "symbolic link" inside  
"/usr/share/squid/errors/templates" goes to the real location.

---> How it works <---

The splash.php page was shown. If I click on the submit button the  
http://my.page.net/html/accept.php was loaded and shown too, but after  
that it's NOT POSSIBLE to go to Google for example, the splash page  
was shwon over and over again! - I'm a little bit frustrated.

I use the CentOS 7.4 squid version 3.5.20 which comes with the base  
repository.

Thank you so much for your patience and help!
Klaus.


-- 

------------------------------------------
e-Mail  : klaus at tachtler.net
Homepage: http://www.tachtler.net
DokuWiki: http://www.dokuwiki.tachtler.net
------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 3120 bytes
Desc: Öffentlicher PGP-Schlüssel
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171017/e2e68b97/attachment.key>

More information about the squid-users mailing list