Re: [squid-users] external acl and squids

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 8 Feb 2005 21:07:02 +0100 (CET)

On Tue, 8 Feb 2005, Lasse Laursen wrote:

> external_acl_type my_app negative_ttl=120 ttl=120 children=75 %SRC
> %{User-Agent} %{Cookie} /path/to/my_app.pl
>
> The check is rather database intensive so once we have allowed/denied a user
> access we would like to limit the number of further requests on our acl
> programs for the amount of time specified in the TTL paramerer for this
> particular user (prevent him from hammering our databases with reloads, etc.)
> - eg. the user gets an OK and this user is allowed access through the proxy
> for 120 seconds without any further calls to our acl program - similar
> scenario for the users that gets an ERR message.
>
> So I was wondering - exactly how does Squid (3.0-PRE3 in our case) identify a
> user? Is it {IP, agent} or exactly how is the unique user identified again by
> the proxy server?

User is irrelevant to the above acl.

Your external_acl type looks into "%SRC %{User-Agent} %{Cookie}" (plus any
additional keywords eventually specified in the acl referring to this
type). Each unique combination of these is sent to your helper and the
result is cached for the specified TTL.

Regards
Henrik
Received on Tue Feb 08 2005 - 13:07:04 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:01 MST