[squid-users] cache_peer selection based on username

roee klinger roeeklinger60 at gmail.com
Tue Jan 12 13:06:05 UTC 2021


Hey Amos,
Thanks, I fixed the keys with the proper "_" character.
Seems like I was in a hurry and made some config mistakes; "proxy0.2" and
"proxy0.3" are supposed to be "proxy1" and "proxy2".
Regarding the helper, I also forgot to mention that I am using 2 helpers, one
for IP whitelisting and one for username authentication.
In the example I provided I am using IP whitelisting; the naming is wrong,
please see the fixed config.

acl mynote1 note mykey_ note1
acl mynote2 note mykey_ note2

external_acl_type IP_whitelist_external children-max=20 ttl=300 %>lp %>a script.sh
acl whitelisted_IP external IP_whitelist_external
http_access allow whitelisted_IP

nonhierarchical_direct off
never_direct allow all
cache_peer 192.168.8.1 parent 101 0 proxy-only default name=proxy1
cache_peer_access proxy1 allow mynote1
cache_peer_access proxy1 deny all
cache_peer 192.168.8.2 parent 102 0 proxy-only default name=proxy2
cache_peer_access proxy2 allow mynote2
cache_peer_access proxy2 deny all

Then, on the external helper, I return one of these two:

OK mykey=note1
OK mykey=note2

For the authentication helper, I did not look into it, but contrary to my
belief it seems auth_param does not support defined keywords,
so I guess I will have to follow your advice by adding %un to
my user_whitelist_external helper. Is there any way to do this with
auth_param?
What exactly do you mean by sending it as a group name?

Roee.



On Tue, Jan 12, 2021 at 11:59 AM Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 12/01/21 9:17 pm, Eliezer Croitoru wrote:
> > Hey Amos,
> >
> > One thing that the auth helper cannot do with this note is the ttl.
> > The auth ttl is different than the request IP binding/routing.
>
> That can be added in via the key_extras detail.
>
> Though I am still worried that the OP *only* asked about routing by
> "username" then their apparently working solution has nothing to do with
> users or usernames at all.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
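
Added example, not part of the thread or of anyone's actual script.sh: a sketch of an external ACL helper for the `%>lp %>a` format above, answering `OK` with a note only for whitelisted client IPs. The allowed IPs and the listening ports 3101/3102 are constructed, and the key is written `mykey_` on the assumption that it must match the `note` ACLs in the config.

```shell
#!/bin/sh
# Hypothetical external ACL helper for:
#   external_acl_type IP_whitelist_external ... %>lp %>a script.sh
# Squid writes one request per line ("<local port> <client IP>") and expects
# one response line per request. Assumes concurrency=0 (no channel-ID field).

# Constructed sample data (assumptions, not values from the thread).
ALLOWED_IPS="192.0.2.10 192.0.2.11 198.51.100.7"

# decide PORT IP -> prints exactly one helper response line
decide() {
    port=$1 ip=$2
    # Fail closed on anything that is not a plain number / IP literal.
    case $port in ''|*[!0-9]*) echo "ERR"; return ;; esac
    case $ip in ''|*[!0-9A-Fa-f.:]*) echo "ERR"; return ;; esac
    # Exact match against the whitelist (padding with spaces avoids
    # 192.0.2.1 matching as a prefix of 192.0.2.10).
    case " $ALLOWED_IPS " in
        *" $ip "*) ;;
        *) echo "ERR"; return ;;
    esac
    # Map the listening port to the note used by cache_peer_access.
    case $port in
        3101) echo "OK mykey_=note1" ;;
        3102) echo "OK mykey_=note2" ;;
        *)    echo "ERR" ;;
    esac
}

# serve: the request loop Squid talks to over stdin/stdout
serve() {
    while read -r port ip _rest; do
        decide "$port" "$ip"
    done
}

# Start the loop only when installed under the name used in squid.conf.
case ${0##*/} in
    script.sh) serve ;;
esac
```

Any input the helper cannot parse gets `ERR`, so a malformed request is denied rather than routed to a peer.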