<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> squid-users <squid-users-bounces@lists.squid-cache.org> on behalf of Amos Jeffries <squid3@treenet.co.nz><br>
<b>Sent:</b> Tuesday, December 12, 2017 1:03 AM<br>
<b>To:</b> squid-users@lists.squid-cache.org<br>
<b>Subject:</b> Re: [squid-users] Groups and authorization SQUID</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:10pt;">
<div class="PlainText">On 12/12/17 09:48, Edwin Quijada wrote:<br>
> <br>
> ------------------------------------------------------------------------<br>
> *From:* Antony Stone<br>
> On Saturday 09 December 2017 at 15:35:51, Edwin Quijada wrote:<br>
> <br>
>> > On Friday 08 December 2017 at 22:08:33, Edwin Quijada wrote:<br>
>> > <br>
>> > > I have 4 different groups in my company each group has access different<br>
>> ><br>
>> > Please explain what "access different" means.<br>
>> <br>
>> The first group has accees to 2 pages, second 3 differents pages and 3 and<br>
>> 4 everything<br>
> <br>
> Okay, understood.<br>
> <br>
<br>
FYI: please be aware that HTTP has no concept of "page". That is a human <br>
UI concept. Squid and HTTP deal only with messages about URLs. A "page" <br>
as we know it can be many different transactions and URL messages.<br>
<br>
We can get into that more later when you have auth working, just be <br>
aware for now that there is no natural connection between auth <br>
credentials and "page".<br>
</div>
<div class="PlainText"><br>
</div>
<div class="PlainText">OK, I understood. My problem then is when Squid shows the authorization screen I put the credentials but doenst work ,
<br>
</div>
<div class="PlainText">This is a simple helper but doesnt work, it continues ask me for user/pass</div>
<div class="PlainText"><br>
</div>
<div class="PlainText"><br>
> This helper that I created<br>
> <?php<br>
> <br>
> $f = fopen("php://stdin", "r");<br>
> while (!(feof($f))) {<br>
> $line = fgets($f);<br>
> if ($line) {<br>
> $fields = explode(' ', trim($line));<br>
> $username = rawurldecode($fields[0]);<br>
> $password = rawurldecode($fields[1]);<br>
> //<br>
> if ($username=="edwin" && $password=="1234")<br>
> fwrite(STDOUT, "OK\n");<br>
> else<br>
> fwrite(STDOUT, "ERR\n");<br>
> }<br>
> }<br>
> ?><br>
> This helper is just for testing , but when I tested it doent work<br>
> <br>
<br>
What are your squid.conf settings using that helper?<br>
</div>
<div class="PlainText">
<div><br>
</div>
<div>#acl manager proto cache_object<br>
http_port 3128<br>
cache_dir ufs /var/spool/squid3 2048 16 256<br>
maximum_object_size 100 MB<br>
cache_swap_low 90<br>
cache_swap_high 95<br>
<br>
#--------------- Reglas de Autorizacion -------------<br>
auth_param basic program /usr/bin/php /root/squid_helper2.php<br>
auth_param basic children 20<br>
auth_param basic realm Proxy Quijada Usuario Y Clave<br>
auth_param basic credentialsttl 5 hours<br>
#----------------------------------------------------<br>
#------------- ACL de accesos para los usuarios------<br>
#----------------------------------------------------<br>
#<br>
#<br>
acl AuthenticatedUsers proxy_auth REQUIRED<br>
http_access allow AuthenticatedUsers<br>
#-------------------- ACL Puertos --------------------<br>
acl SSL_ports port 443<br>
acl Safe_ports port 80 # http<br>
acl Safe_ports port 21 # ftp<br>
acl Safe_ports port 443 # https<br>
acl Safe_ports port 70 # gopher<br>
acl Safe_ports port 210 # wais<br>
acl Safe_ports port 1025-65535 # unregistered ports<br>
acl Safe_ports port 280 # http-mgmt<br>
acl Safe_ports port 488 # gss-http<br>
acl Safe_ports port 591 # filemaker<br>
acl Safe_ports port 777 # multiling http<br>
<br>
acl CONNECT method CONNECT<br>
<br>
#---------------------- HTTP ACCES DEFAULT-------------<br>
<div>#http_access allow manager localhost<br>
#http_access deny manager<br>
#http_access deny !Safe_ports<br>
<br>
#http_access deny to_localhost<br>
#icp_access deny all<br>
#htcp_access deny all<br>
<br>
#---------------------- HTTP_ACCESS DE USUARIOS---------<br>
<br>
<br>
#======================================================================<br>
<br>
#Suggested default:<br>
refresh_pattern ^ftp: 1440 20% 10080<br>
refresh_pattern ^gopher: 1440 0% 1440<br>
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>
refresh_pattern . 0 20% 4320<br>
<br>
</div>
<br>
</div>
<br>
</div>
<div class="PlainText"><br>
</div>
<div class="PlainText">FYI: PHP has known problems that prevent it being a successful helper
<br>
language most of the time <br>
<<a href="https://wiki.squid-cache.org/Features/AddonHelpers#What_language_are_helper_meant_to_be_written_in.3F" id="LPlnk303532" previewremoved="true">https://wiki.squid-cache.org/Features/AddonHelpers#What_language_are_helper_meant_to_be_written_in.3F</a>>
<div id="LPBorder_GT_15131127911070.38336619866737986" style="margin-bottom: 20px; overflow: auto; width: 100%; text-indent: 0px;">
<table id="LPContainer_15131127911040.6174403435929275" style="width: 90%; background-color: rgb(255, 255, 255); position: relative; overflow: auto; padding-top: 20px; padding-bottom: 20px; margin-top: 20px; border-top: 1px dotted rgb(200, 200, 200); border-bottom: 1px dotted rgb(200, 200, 200);" role="presentation" cellspacing="0">
<tbody>
<tr style="border-spacing: 0px;" valign="top">
<td id="TextCell_15131127911050.661050838136916" style="vertical-align: top; position: relative; padding: 0px; display: table-cell;" colspan="2">
<div id="LPRemovePreviewContainer_15131127911050.04289376443150417"></div>
<div id="LPTitle_15131127911060.7349099190890958" style="top: 0px; color: rgb(0, 120, 215); font-weight: 400; font-size: 21px; font-family: "wf_segoe-ui_light", "Segoe UI Light", "Segoe WP Light", "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; line-height: 21px;">
<a id="LPUrlAnchor_15131127911060.673027523210377" style="text-decoration: none;" href="https://wiki.squid-cache.org/Features/AddonHelpers#What_language_are_helper_meant_to_be_written_in.3F" target="_blank">Features/AddonHelpers - Squid Web Proxy Wiki</a></div>
<div id="LPMetadata_15131127911060.1756600162829025" style="margin: 10px 0px 16px; color: rgb(102, 102, 102); font-weight: 400; font-family: "wf_segoe-ui_normal", "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; font-size: 14px; line-height: 14px;">
wiki.squid-cache.org</div>
<div id="LPDescription_15131127911070.5708473222538956" style="display: block; color: rgb(102, 102, 102); font-weight: 400; font-family: "wf_segoe-ui_normal", "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; font-size: 14px; line-height: 20px; max-height: 100px; overflow: hidden;">
Perl, Python : Certain methods of writing output to stdout automatically append newline characters. Care must be taken that only one set of newlines are output with ...</div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
<br>
Squid bundles with *_fake_auth helpers you can base your code on when <br>
developing a custom helper. They handle the I/O with Squid properly for <br>
their matching Squid version and should be easily extended for doing <br>
actual auth checks.<br>
<br>
<br>
>> > How does it identify one group from another?<br>
>> <br>
>> Uhm...the structere are differents , really there are in different tables<br>
>> in my DB that is in the server<br>
> <br>
> So, you're doing an HTTP request to a web server, which then looks up <br>
> the user<br>
> in a database, and returns a result as an HTTP response...<br>
> <br>
> Surely it would be easier (and quicker / more efficient) to get Squid to<br>
> interrogate the database?<br>
> <br>
>> > > the problem is how can i do this ACL<br>
> <br>
> I wouldn't start from there, so I hope someone else here can suggest a <br>
> way of<br>
> getting this to work.<br>
> <br>
> <br>
> What made you start with this approach in the first place?<br>
> <br>
> Now, I changed the approach , I just want one group for everything and <br>
> other, localnet restricted,instead of use 4 groups just 2 one for admin, <br>
> other for<br>
> <br>
<br>
The weird thing is this use of a web server as an intermediary between <br>
Squid and the actual user/group database. What made you use it in the <br>
first place instead of connecting Squid to the database?</div>
<div class="PlainText"><br>
</div>
<div class="PlainText">It just why the database is in another server and this DB doesnt have external access . IN this server just has an API responding request so I wanna use this for authorization. I cant connect directly to DB<br>
<br>
[ I am one of the people who can help you get it to work, but it is only <br>
with the trouble doing at all if there is a good reason. Auth is a <br>
complex enough topic already just by itself. ]</div>
<div class="PlainText"><br>
</div>
<div class="PlainText">Thks for your help, I will continue trying to authorize with Squid
<br>
</div>
<div class="PlainText"><br>
<br>
Amos<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" id="LPlnk977758" previewremoved="true">http://lists.squid-cache.org/listinfo/squid-users</a>
<div id="LPBorder_GT_15131127912050.08128430516999796" style="margin-bottom: 20px; overflow: auto; width: 100%; text-indent: 0px;">
<table id="LPContainer_15131127912020.39200566957868566" style="width: 90%; background-color: rgb(255, 255, 255); position: relative; overflow: auto; padding-top: 20px; padding-bottom: 20px; margin-top: 20px; border-top: 1px dotted rgb(200, 200, 200); border-bottom: 1px dotted rgb(200, 200, 200);" role="presentation" cellspacing="0">
<tbody>
<tr style="border-spacing: 0px;" valign="top">
<td id="TextCell_15131127912030.9696968293719186" style="vertical-align: top; position: relative; padding: 0px; display: table-cell;" colspan="2">
<div id="LPRemovePreviewContainer_15131127912030.5123422605602719"></div>
<div id="LPTitle_15131127912030.9582523989873017" style="top: 0px; color: rgb(0, 120, 215); font-weight: 400; font-size: 21px; font-family: "wf_segoe-ui_light", "Segoe UI Light", "Segoe WP Light", "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; line-height: 21px;">
<a id="LPUrlAnchor_15131127912030.1544387210210325" style="text-decoration: none;" href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">squid-users Info Page</a></div>
<div id="LPMetadata_15131127912040.44402180921952206" style="margin: 10px 0px 16px; color: rgb(102, 102, 102); font-weight: 400; font-family: "wf_segoe-ui_normal", "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; font-size: 14px; line-height: 14px;">
lists.squid-cache.org</div>
<div id="LPDescription_15131127912040.1739295429042076" style="display: block; color: rgb(102, 102, 102); font-weight: 400; font-family: "wf_segoe-ui_normal", "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; font-size: 14px; line-height: 20px; max-height: 100px; overflow: hidden;">
squid-users -- General discussion relating to Squid. The membership of this list is thousands of Squid users from around the world About squid-users</div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
</div>
</span></font></div>
</div>
</div>
</body>
</html>