[squid-users] What happens when duplicate external_acl_type are mentioned

Amish anon.amish at gmail.com
Sat Dec 1 11:15:03 UTC 2018

On 01/12/18 3:41 pm, Amos Jeffries wrote:
> On 1/12/18 6:32 pm, Amish wrote:
>> ----------
>> Effectively squid.conf now has two external_acl_type lines with same
>> name. (ipuser)
>> First one has %ul and other one does not.
>>  From my tests - first one gets the priority and second one is ignored by
>> squid.
>> So my questions are:
>> 1) Can I assume this to be always true?
> Now that you have found the lack of error message on startup one will be
> added. It has not been a serious problem, so we are unlikely to make it
> more than an ERROR message and explicitly ignore the second (time will
> tell tough).

Thank you for your quick response.

So if I pass %ul to external_acl_type, but dont use any auth_param, 
squid dies with an error.

"Can't use proxy auth because no authentication schemes are fully 

Is it possible for squid to not to die but instead warn and then just 
pass "-" (dash) for %ul?

Passing "-" is what squid normally does when macro value is unknown.

Or can we have additional macro %uL (capital L)

%ul will die with error (existing behavior)
%uL will pass username if available else pass "-" (dash)

This way my external_acl_type will work with OR without proxy auth

All I need to change my external_acl_type in main.conf is to add %uL to it.

If this proposal is acceptable, I will try to create a PR.



More information about the squid-users mailing list