Re: [PATCH] [2.5] external_acl_type cannot deal with client's source port

From: Vincent Deffontaines <vincent.deffontaines@dont-contact.us>
Date: Wed, 28 Jul 2004 09:31:30 +0200 (CEST)

Hi Henrik,

> Thanks for the patch but I am sorry to say this is a duplicated effort.

Oh my fault. I should have seen that.
So my new question is : any chance the %SRCPORT FORMAT string be accepted
in next 2.5 release?

As mentionned in my initial post, I have written an external acl helper
(based on ip_user, from Rodrigo Campos) that needs the SRCPORT to work.
It is available under GPL at http://www.inl.fr/article.php3?id_article=32

That small piece of software allows for strict and transparent user
authentication (SSO), including on transparent proxies. All it actually
performs is an SQL request on NuFW "conntrack" to get the user name from
IP and timeframe parameters. NuFW guarantees the returned username (if
one) is accurate.

Regards,

Vincent

>
> Please see
>
> http://devel.squid-cache.org/projects.html#external_acl_fuzzy
> and
> http://devel.squid-cache.org/external_acl/
>
> This work includes
>
> - %SRCPORT and a few other similar external_acl_format tags needed for
> this kind of operations.
>
> - An ident based external acl helper
>
> - A special cache mode for caching the ident reply and reuse it for all
> requests from the same client IP (optional, indended for use in Windows
> and other single-user environments).
>
> The new external_acl_type format tags has already been merged into
> Squid-3. The special cache mode has not yet been merged as it needs to be
> generalized a little more to fulfill the final goal of this feature.
>
> Regards
> Henrik
Received on Wed Jul 28 2004 - 12:01:43 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Jul 31 2004 - 12:00:03 MDT