[squid-users] squid with quota limit using external helper problem !
Amos Jeffries
squid3 at treenet.co.nz
Mon Sep 4 15:23:14 UTC 2017
On 04/09/17 21:09, Ahmed Alzaeem wrote:
> Hi amos , thanks for the kind response .
>
> i denied to rebuild squid without IPV6 support and seems now no error in
> helper .
>
>
> i just curious to know about the auth directors in squid how should i
> arrange it :
>
> acl localnet src all
>
> auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user
> acl ncsa_users proxy_auth REQUIRED
> auth_param basic children 1000
>
> external_acl_type bandwidth_check ttl=0 %SRC /usr/local/bin/bandwidth_check
> acl bandwidth_auth external bandwidth_check
> http_access allow localnet bandwidth_auth
> http_access deny localnet !bandwidth_auth
> ###################################################
> http_access allow ncsa_users
>
>
> is above correct sequence to block any user exceeded quota ?
I put comments under each problematic line in my last post about the
problems in that http_access sequence. The config has not changed, so
they are all still occuring.
> also should i use
> external_acl_type bandwidth_check ttl=0 %SRC /usr/local/bin/bandwidth_check
>
> or
>
> external_acl_type bandwidth_check ttl=0 %SRC %LOGIN
> /usr/local/bin/bandwidth_check
>
> or
>
> external_acl_type bandwidth_check ttl=0
> *%EXT_USER* /usr/local/bin/bandwidth_check
>
That is up to you, and depends on what you want the helper to be checking.
%LOGIN supplies the HTTP authentication login. It will trigger a full
authentication sequence if there are no credentials, so place all uses
of ACLs involving this after your ncsa_users login check.
%EXT_USER supplies the user= value some earlier external_acl_type helper
produced. You do not seem to have any other external ACL helpers - so
this is probably not for you.
If you have a mix of authentication methods happening you might want the
%un code.
Amos
More information about the squid-users
mailing list