Squid 3.1.0.17
Ok, I'm able to get some of this working right... Although it's not
quite what I expected for results. My config is below...
First, I think since I have myserver in the acl then the AUP page
doesn't display if the user has their home page set to
"http://www.myserver.com".
Secondly, when one computer gets the AUP subsequent computers will not
be prompted with the AUP. The first computer to attempt to get to the
internet gets the AUP all the others do not. Of course, resetting squid
frees up the cache and then the first user after the restart will be
prompted. My assumption in reading is that the %SRC is supposed to key
the session identifier for the IP address of the requesting user.
I did notice the following in my logs and I wonder if this could be my
issue:
30/Mar/2010,14:56:08,
220,127.0.0.1,TCP_MISS/200,3150,GET,http://www.google.com/firefox?,-,DIR
ECT/208.69.36.231,text/html
Shouldn't my workstation show as the true IP address and not localhost
(127.0.0.1)? I am running dansguardian on this server but that should
be taking place after my connection. It would make sense that the first
workstation authenticating with 127.0.0.1 would authorize in this
case... If this is what my problem is, why is localhost showing instead
of the real IP address? The dansguardian log does show the correct IP
address... Oh wait... I'm connecting to 8080 which is dansguardian
which forwards to squid @ 3128... oh my... How am I going to fix this?
The docs for squid_session (http://linuxreviews.org/man/squid_session/)
State: "http://your.server/bannerpage to display a session startup page
and then redirect the user back to the requested URL given in the url
query parameter."
I can't seem to figure out what to do on the AUP html page. Is there
anything additional I need to do or just forward the user on?
(I've played around with the negative_ttl a bit; if I set it to say 300,
then I cannot progress pass the AUP.)
acl to_localbox dst 192.168.80.5/32
acl myserver dst 64.8.132.1/32
external_acl_type session ttl=300 children=20 negative_ttl=10
concurrency=200 %SRC /usr/lib/squid/squid_session -t 3600
acl session external session
acl localnet src 192.168.80.0/23
http_access allow myserver (this is my webserver that I want to
allow unrestricted access to)
http_access allow to_localbox (since I have an AUP html file on this
web server; allow access)
deny_info http://192.168.80.5/index.html?url=%s session (sets up the
session html page; redirect connection here)
http_access deny !Safe_ports (default config from squid; it is defined
I just didn't cut and paste the ACL for it)
http_access deny !session ( if you don't have a session defined
then no way; you're stuck)
http_access allow session
http_access deny all
Received on Tue Mar 30 2010 - 21:15:07 MDT
This archive was generated by hypermail 2.2.0 : Wed Mar 31 2010 - 12:00:06 MDT