[squid-users] External ACL TTL not working as expected

Alberto Perez alberto2perez at gmail.com
Fri Jan 30 20:15:36 UTC 2015


Hello to everyone,

First of all thanks for the support and for this awesome product.

I'm developing a captive portal with squid 3.4.9 over ubuntu 14.04

Here is my external acl configuration

external_acl_type session_active_def ipv4  %SRC
/etc/squid3/captive/sessionHelper.php  concurrency=100 children=1 -a
-f ttl=1  negative_ttl=0 startup=2 idle=1

acl password external session_active_def

deny_info https://proxy-bump.upr.edu.cu/?url=%u password


And the captive portal autenticate users against Active directory and
save authorization data to memcache server on the same proxy server.

External acl sessionHelper.php  checks for those authorization data in
the memcached server. I have not authentication, only authorization by
ip using that external acl and returning autenticated user so squid
log the username information.

Everything works like a charm except for the frequency squid checks
for those authorization data in the external acl, I has tried every
configuration sample found in the internet but without success, ttl
parameter of external acl doesnt works for me.

Session login and logout doesn't work as expected due to squid doesn't
check this external acl frecuently enough, user can surf after closed
session (removed user authorization data from memcache server) because
squid doesn't authorize anymore same ip requests using the external
acl.

Only way I found to force squid to check for the acl was reloading
configuration like /usr/sbin/squid3 -k reconfigure

But this gives me lot of instability  because squid stop accepting
connections for the time it is reloading configuration, I have lot of
people opening and closing sessions so right now squid is reloading
each minute to cover that demand.

My question: is there a way to force squid to check the external acl
each 1 second or just for every request without reloading
configuration.

I've tried all for over a month and you are my last resort, please
help, and forgive my english also.

Grateful

Alberto


More information about the squid-users mailing list