Re: Log redirector output patch

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 13 Jun 2006 23:26:52 +0200

tis 2006-06-13 klockan 15:24 -0400 skrev Jean-Francois Levesque:

> The first redirector is our home made redirector. This redirector check
> into a memcache (http://www.danga.com/memcached/) server if a user is
> authenticated. If not, the user is redirected to a portal page which can
> authenticate or identify a user from many modules (ident, ntlm, basic
> auth, cookie, etc.).

I assume user == client IP in this.

I would move this into an external acl with negative_ttl=0, and do the
redirection to the login page via deny_info. Apart from having the
opportunity to perform significantly better thanks to the possibility of
caching the lookup, it also makes the log quite sane.

Using the redirector interface for access controls works sort of, but
not at all what it's meant to be doing. Access controls is meant to be
done via ACLs and external acls brings the same capabilities (and a lot
more) as redirectors.

You should even be able to write a thin skin on top of squidguard (or
trivially modify it) to have it called as an external acl if you like,
if you for some reason feel the squidguard ruleset is better than the
Squid acls.

Regards
Henrik

Received on Tue Jun 13 2006 - 15:26:56 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 30 2006 - 12:00:02 MDT