[squid-users] external acl and squids

From: Lasse Laursen <laursen@dont-contact.us>
Date: Tue, 8 Feb 2005 20:31:45 +0100

Hi all!

We have developed a solution for a client of ours where users are filtered
based on the IP address, agent and a unique cookie (IP, MD5(agent),
unique_cookie). We use an external acl for this purpose:

external_acl_type my_app negative_ttl=120 ttl=120 children=75 %SRC
%{User-Agent} %{Cookie} /path/to/my_app.pl

The check is rather database intensive so once we have allowed/denied a user
access we would like to limit the number of further requests on our acl
programs for the amount of time specified in the TTL paramerer for this
particular user (prevent him from hammering our databases with reloads,
etc.) - eg. the user gets an OK and this user is allowed access through the
proxy for 120 seconds without any further calls to our acl program - similar
scenario for the users that gets an ERR message.

So I was wondering - exactly how does Squid (3.0-PRE3 in our case) identify
a user? Is it {IP, agent} or exactly how is the unique user identified again
by the proxy server?

Regards

--
Lasse Laursen · VP, Hosting Technology
NetGroup Processing Aps
Phone: +45 3370 1526 · Fax: +45 3313 0066 
Received on Tue Feb 08 2005 - 12:32:17 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:01 MST