[squid-users] issue with tcp_outgoing_address and external acl

Alberto Perez alberto2perez at gmail.com
Fri Mar 6 05:13:01 UTC 2015


Thank you Amos,

As always you hit it, it worked fine with note acl.

I really appreciate your time to support this community, great help
today. Thanks a lot

God Bless you

Alberto


On 3/5/15, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 6/03/2015 10:35 a.m., Alberto Perez wrote:
>> Thanks Amos  for the link, I understand tcp_outgoing_address only
>> works with fast acl and external acls are slow.
>>
>> In order to mitigate this fact and achieve my purpose of share traffic
>> among two links depending only of username, who can recommend me a
>> workaround?
>>
>
> In the current (3.4+) Squid you can use the note ACL to check user=
> exists. It is a fast ACL check and does not do anything to trigger auth
> when its absent. It will match usernames added by non-auth helpers as well.
>
> To specifically limit it to HTTP authenticated users you can also check
> the raw HTTP "Proxy-Authentication" header contents with req_header ACL
> type.
>
> Amos
>
>
>> I was working in mantaining of IPs for those users special, once the
>> user login or logout from captive portal I update the list if IPs to
>> be used as SRC acl combined with tcp_outgoing_address and worked like
>> a charm except for the fact that squid only notice this change if I
>> reload configuration, which is a heavy reason to consider another
>> solutions.
>>
>> It is possible to setup a ttl for this SRC acl, how can I make squid
>> note the change in this list without reloading configuration.
>
> SRC is the client IP the request message was received from. Its part of
> the mesage, there is nothing stored to have a TTL.
>
> Amos
>
>


More information about the squid-users mailing list