Option Name: external_acl_type
Replaces:
Requires:
Default Value: none
Suggested Config:

	This option defines external acl classes using a helper program
	to look up the status.

	  external_acl_type name [options] FORMAT.. /path/to/helper [helper arguments..]

	Options:

	  ttl=n		TTL in seconds for cached results (default 3600,
	  		i.e. 1 hour)
	  negative_ttl=n
	  		TTL for cached negative lookups (default same
	  		as ttl)
	  children-max=n
			Maximum number of acl helper processes spawned to service
			external acl lookups of this type. (default 20)
	  children-startup=n
			Minimum number of acl helper processes to spawn during
			startup and reconfigure to service external acl lookups
			of this type. (default 0)
	  children-idle=n
			Number of acl helper processes to keep ahead of traffic
			loads. Squid will spawn this many at once whenever load
			rises above the capabilities of existing processes.
			Up to the value of children-max. (default 1)
	  concurrency=n	Concurrency level per process. Only used with helpers
			capable of processing more than one query at a time.
	  cache=n	Limit the result cache size. (default is unbounded)
	  grace=n	Percentage remaining of TTL where a refresh of a
			cached entry should be initiated without needing to
			wait for a new reply. (default is for no grace period)
	  protocol=2.5	Compatibility mode for Squid-2.5 external acl helpers
	  ipv4 / ipv6	IP protocol used to communicate with this helper.
			The default is to auto-detect IPv6 and use it when available.

	FORMAT specifications

	  %LOGIN	Authenticated user login name
	  %EXT_USER	Username from previous external acl
	  %EXT_LOG	Log details from previous external acl
	  %EXT_TAG	Tag from previous external acl
	  %IDENT	Ident user name
	  %SRC		Client IP
	  %SRCPORT	Client source port
	  %URI		Requested URI
	  %DST		Requested host
	  %PROTO	Requested protocol
	  %PORT		Requested port
	  %PATH		Requested URL path
	  %METHOD	Request method
	  %MYADDR	Squid interface address
	  %MYPORT	Squid http_port number
	  %PATH		Requested URL-path (including query-string if any)
	  %USER_CERT	SSL User certificate in PEM format
	  %USER_CERTCHAIN SSL User certificate chain in PEM format
	  %USER_CERT_xx	SSL User certificate subject attribute xx
	  %USER_CA_xx	SSL User certificate issuer attribute xx

	  %>{Header}	HTTP request header "Header"
	  %>{Hdr:member}
	  		HTTP request header "Hdr" list member "member"
	  %>{Hdr:;member}
	  		HTTP request header list member using ; as
	  		list separator. ; can be any non-alphanumeric
			character.

	  %<{Header}	HTTP reply header "Header"
	  %<{Hdr:member}
	  		HTTP reply header "Hdr" list member "member"
	  %<{Hdr:;member}
	  		HTTP reply header list member using ; as
	  		list separator. ; can be any non-alphanumeric
			character.

	  %%		The percent sign. Useful for helpers which need
			an unchanging input format.

	In addition to the above, any string specified in the referencing
	acl will also be included in the helper request line, after the
	specified formats (see the "acl external" directive).

	The helper receives lines per the above format specification,
	and returns lines starting with OK or ERR indicating the validity
	of the request and optionally followed by additional keywords with
	more details.

	General result syntax:

	  OK/ERR keyword=value ...

	Defined keywords:

	  user=		The user's name (login)
	  password=	The user's password (for login= cache_peer option)
	  message=	Message describing the reason. Available as %o
	  		in error pages
	  tag=		Apply a tag to a request (for both ERR and OK results)
	  		Only sets a tag, does not alter existing tags.
	  log=		String to be logged in access.log. Available as
	  		%ea in logformat specifications

	If protocol=3.0 (the default) then URL escaping is used to protect
	each value in both requests and responses.

	If using protocol=2.5 then all values need to be enclosed in quotes
	if they may contain whitespace, or the whitespace escaped using \.
	Any quotes or \ characters within the keyword value must also be
	\ escaped.

	When using the concurrency= option the protocol is changed by
	introducing a query channel tag in front of the request/response.
	The query channel tag is a number between 0 and concurrency-1.
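
	The helper protocol described above (protocol=3.0 with concurrency=),
	shown as an added example that is not part of the Squid documentation
	or source. The acl name, helper path, policy table and tag/log values
	are hypothetical.

```python
#!/usr/bin/env python3
"""Example external ACL helper (protocol=3.0, concurrency > 0).

Assumed squid.conf line (hypothetical name and path):
  external_acl_type dst_check concurrency=10 %LOGIN %DST /usr/local/bin/dst_check.py
"""
import sys
from urllib.parse import quote, unquote

# Constructed sample policy: login -> destination hosts that login may reach.
ALLOWED = {"alice": {"intranet.example.com"}, "bob user": {"wiki.example.com"}}


def kv(key, value):
    # URL-escape every value so whitespace or '=' inside it cannot end the
    # value early or smuggle an extra keyword (e.g. user=) into the reply.
    return f"{key}={quote(str(value), safe='')}"


def handle(line):
    """Turn one request line into one reply line carrying the same channel tag."""
    fields = line.split()
    if not fields or not fields[0].isdigit():
        return None  # no channel tag, so there is nothing to address a reply to
    channel, args = fields[0], [unquote(f) for f in fields[1:]]
    if len(args) < 2:
        return f"{channel} ERR " + kv("message", "malformed request")
    login, dst = args[0], args[1].lower()
    if dst in ALLOWED.get(login, ()):
        return f"{channel} OK " + " ".join(
            [kv("user", login), kv("tag", "dst-allowed")])
    # Anything not explicitly allowed is denied (fail closed).
    return f"{channel} ERR " + " ".join(
        [kv("message", f"{login} may not access {dst}"), kv("log", "dst-denied")])


def main():
    for line in sys.stdin:
        reply = handle(line.rstrip("\r\n"))
        if reply is not None:
            sys.stdout.write(reply + "\n")
            sys.stdout.flush()  # one unbuffered reply line per request line


if __name__ == "__main__":
    main()
```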