[squid-users] cache_peer selection based on username

Mon Jan 11 09:03:06 UTC 2021

In the next example I wrote a whole setup:

https://github.com/elico/vagrant-squid-outgoing-addresses

Specifically it would look something like:

https://github.com/elico/vagrant-squid-outgoing-addresses/blob/master/shared/note.rb#L82

it’s as a line like:

echo “OK x_note=100 ip=100”

The in squid use an acl like this:

https://github.com/elico/vagrant-squid-outgoing-addresses/blob/9221a73394ced582fec84bc42abfaae3c9a364b3/shared/collect-32-subnet-addresses.rb#L17

ie:

echo "acl #{ip_map[key]} note ip #{acl_name.match(/([0-9]+)/)[1]}" |tee -a /etc/squid/conf.d/acl-to-ip.conf

It’s better to run the lab and see the content of the conf files to understand it.

You will need VirtualBox and Vagrant to power up this lab.

Later I might be able to record a video of this but not sure yet about this.

Eliezer

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> 

Zoom: Coming soon

From: roee klinger <roeeklinger60 at gmail.com> 
Sent: Sunday, January 10, 2021 5:51 PM
To: squid-users at lists.squid-cache.org
Cc: Eliezer Croitoru <ngtech1ltd at gmail.com>
Subject: Re: [squid-users] cache_peer selection based on username

So basically I return a note with the “OK” response, which can be any string, for example “100”.

Then, I can use “100” as a normal ACL in squid.conf?

Thanks

On Jan 10, 2021, at 17:36, Eliezer Croitoru <ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> > wrote:

You should use a note acl for that.

When you return the whitelisted client you should add a note which can be 1-100 or any other static string.

It works just out of the box.

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> 

Zoom: Coming soon

From: squid-users <squid-users-bounces at lists.squid-cache.org <mailto:squid-users-bounces at lists.squid-cache.org> > On Behalf Of roee klinger
Sent: Sunday, January 10, 2021 5:33 PM
To: squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> 
Subject: [squid-users] cache_peer selection based on username

Hey,

I am trying to figure out the best way to select cache peers based on the client username, I have read extensively but I cannot figure out the best way to do it.

so far I have:

external_acl_type user_whitelist_external children-max=20 ttl=300 %>lp %>a script.sh

acl whitelisted_users external user_whitelist_external

http_access allow whitelisted_users

and:

nonhierarchical_direct off

never_direct allow all

cache_peer 192.168.8.1 parent 101 0 proxy-only default name=proxy1

cache_peer_access proxy1 allow whitelisted_users

cache_peer_access proxy0.2 deny all

cache_peer 192.168.8.2 parent 102 0 proxy-only default name=proxy2

cache_peer_access proxy2 allow whitelisted_users

cache_peer_access proxy0.3 deny all

ideally, script.sh checks if the request is authinticated and if it is, it selects the cache peer to use, is there some kind of way to achieve this with "Defined keywords" to select which cache peer to use or am I looking at this the wrong way?

What would be the best way to accomplish this?

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> 
http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210111/5d67ad6e/attachment.htm>