Hi,
I would like to be able to output the request proxy auth user name on
the error page, so that I can determine the cause of the failure (ie,
check the blocked access flag for the user) using a CGI and give the
user a useful error page.
The attached patch (against 2.2 stable5, also works with 2.4 stable1)
adds a %r variable, that implements what I have suggested above.
A sample usage of this is:
<html>
<head>
<meta http-equiv="REFRESH" content="1;
url="http://127.0.0.1/cgi-bin/axsdenied?user=%r">
</head>
<body>
Please wait... If are being automatically transferred to a
<A HREF="http://127.0.0.1/cgi-bin/axsdenied?user=%r">different page</A>.
</body>
</html>
The alternative is to use two ACLS, eg:
acl check_access_flag ...
acl authenticated_with_ldap ...
deny_info ERR_BAD_PASSWORD authenticated_with_ldap
deny_info ERR_NO_ACCESS check_access_flag
http_access allow check_access_flag authenticated_with_ldap
This is not an optimal solution as it would require two requests to the
LDAP database.
Please review, and submit to CVS if appropriate.
Sean
Only in squid.mod/auth_modules/getpwnam: Makefile
Only in squid.mod/src: .errorpage.c.swp
diff -u -r squid-2.2.STABLE5/src/errorpage.c squid.mod/src/errorpage.c
--- squid-2.2.STABLE5/src/errorpage.c Wed Jul 11 08:57:57 2001
+++ squid.mod/src/errorpage.c Wed Jul 11 08:48:49 2001
@@ -403,6 +403,7 @@
* M - Request Method x
* p - URL port # x
* P - Protocol x
+ * r - User Ident (From proxy-auth or ident) x
* R - Full HTTP Request x
* S - squid signature from ERR_SIGNATURE x
* s - caching proxy software with version x
@@ -486,6 +487,9 @@
break;
case 'P':
p = r ? ProtocolStr[r->protocol] : "[unkown protocol]";
+ break;
+ case 'r':
+ p = r ? r->user_ident : "[unknown user]";
break;
case 'R':
if (NULL != r) {
Received on Wed Jul 11 2001 - 15:23:11 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:06 MST