[squid-users] username from external_acl to url_rewrite_program
Amos Jeffries
squid3 at treenet.co.nz
Thu Feb 4 13:10:00 UTC 2016
On 5/02/2016 12:02 a.m., Andrew Lavrinenko wrote:
> Hello, everyone!
>
> In my configuration of squid not used authorization based on auth_param but
> user name was fetched from database throught self writed script. In squid
> 3.3 all works fine, but in 3.5 i have a problem, user name returned from
> script not sended to redirector program.
> squid.conf:
> ...
>
> url_rewrite_program /usr/bin/tee /tmp/squid.log
> url_rewrite_children 10 startup=5 idle=1 concurrency=0
> url_rewrite_bypass on
>
> external_acl_type ip_auth ttl=120 negative_ttl=1 children-max=8
> children-startup=2 protocol=2.5 %SRC /usr/local/bin/squid_ip_auth.pl
>
> acl authorized_ips external ip_auth
> http_access allow authorized_ips
> ...
>
> /tmp/squid.log:
> http://awaps.yandex.ru/8/8980/336280 192.168.0.114/grey-xp.int.rdw.ru - GET
> myip=192.168.0.226 myport=3128
>
> /var/log/squid/access.log:
> 1454582114.059 11 192.168.0.114 TCP_MISS/200 5137 GET
> http://awaps.yandex.ru/8/8980/336280 TECHCENTER\\sas HIER_DIRECT/
> 87.250.250.131 application/x-javascript
>
> any suggestions?
>
I suspect this is a side effect of the key-extras feature added in 3.5.
Does this attached patch help?
Amos
-------------- next part --------------
=== modified file 'src/format/Format.cc'
--- src/format/Format.cc 2016-01-01 00:14:27 +0000
+++ src/format/Format.cc 2016-02-04 13:03:14 +0000
@@ -812,6 +812,12 @@
#endif
if (!out)
out = strOrNull(al->cache.extuser);
+
+ if (!out && al && al->request && al->request->extacl_user.isEmpty()) {
+ if (const char *tmp = al->request->extacl_user.termedBuf())
+ out = tmp;
+ }
+
#if USE_OPENSSL
if (!out)
out = strOrNull(al->cache.ssluser);
More information about the squid-users
mailing list