Re: [squid-users] something better than using IP address?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 12 Jul 2008 23:59:44 +1200

Jian Wang wrote:
> Hi, all,
>
> Recently, we used Squid redirectors to solve an application problem.

Better to fix the application problem than to hack around it with
complication.

> Our redirectors are checking incoming requests against a database
> table to see if this IP has already accessed Squid--redirect only if
> ip is not in database.
>
> We now have the concern that it may cause problem when applying our
> application to a NATed or PATed network. In those networks, private IP
> addresses are not seen from the upper level router(on where our Squid
> is sitting). Therefore, it seems to be not possible for us make our
> redirectors work as expected.
>
> In our application, we don't want to use any user name + password for
> access authentication, our situation is that everyone is authorized.
>
> In the Squid redirector input string, we can only get IP address(plus
> FQDN at most, which doesn't help at all). Is there a way for Squid to
> solve this problem?

Try ACL, up to and including custom external_acl_type. They can check
based on just about anything you like and permit/deny redirection via
url_rewrite_access.

Amos

-- 
Please use Squid 2.7.STABLE3 or 3.0.STABLE7
Received on Sat Jul 12 2008 - 11:59:42 MDT

This archive was generated by hypermail 2.2.0 : Sun Jul 13 2008 - 12:00:04 MDT