On Fri, 13 Jan 2006, Adolfo Mussi wrote:
> I want to make squid ask for authentication only for
> certain content-type of the http response. For all
> other content-type I don't want the browser to raise
> authentication popup window.
authentication has to take place before the request is forwarded, and the
content type of the response is not yet known then...
the closest you can get in an efficient manner is by guessing based on
URL/file extensions etc.
> The solution I've in mind is to make an external acl
> helper that retrieves only the http header of the url
> and scan it for content-type. To do so I'll have to
> patch squid to implement the %PATH external_acl_type
> fromat parameter (backporting some code from actual
> devel-branch to my squid version 2.5-stable3 on redhat
> enterprise 3 U3). I know this is a communication
> overhead, but I can't figure out a better solution.
> Anybody has a better solution?
The %PATH and a number of other interesting external acl extensions can be
found in the "cerberian" patch for 2.5.
You could in theory also do the authentication in http_reply_access,
dropping the already received reply if authentication is required. Should
give less overhead than the above external acl approach..
But http_reply_access is not so kind to authentication today, but if you
are willing to dig into the code a bit it should not be too hard to get
that running.
Regards
Henrik
Received on Fri Jan 13 2006 - 07:17:08 MST
This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST