Re: [squid-users] http_reply_access & LDAP external acl

From: Henrik Nordstrom <[email protected]>
Date: Wed, 21 Apr 2004 18:09:29 +0200 (CEST)

On Wed, 21 Apr 2004 Horst.Mundt@arxes.de wrote:

> It seems like the problem only occurs in conjunction with the
> http_reply_access.
>
> Any ideas? (My current workaround is a script that reads the admins group
> from the LDAP-directory and writes the members into a file. Told squid to
> read the "admins" acl from the file instead of the LDAP-directory. That
> basically works but is not really elegant )

http_reply_access is somewhat limited in Squid-2.5 in that it cannot wait
for any form of external lookup to complete (external, dns etc).

You can work around this quite well (but not 100%) by making sure the same
acls are evaluated in http_access, allowing Squid to cache the result
before processing your http_reply_access rules. A simple method to have
acls evaluated in http_access without affecting the http_access outcome is
to combine them with a dummy acl that will never match anything:

acl nothing src 0.0.0.0/32

http_access deny acl_that_needs_to_be_evaluated nothing

somewhere before where access is allowed..

Regards
Henrik
Received on Wed Apr 21 2004 - 10:09:31 MDT
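
The workaround from the reply above, placed in a fuller rule set to show where the priming rule has to sit. This is an added example, not configuration from the original thread or from the Squid project. The helper path, its options placeholder, the ttl values, the "authenticated" and "executables" acls and the reply rules are assumptions; "admins" and "nothing" are the names used in the thread.

```conf
# Constructed squid.conf fragment for Squid-2.5; names, paths and values are
# assumptions. auth_param for proxy authentication is assumed to be
# configured above this fragment, since %LOGIN needs a user name.

# External group lookup. Squid caches each answer for ttl (match) or
# negative_ttl (no match) seconds. Replace the placeholder with the helper
# options for your directory.
external_acl_type ldap_group ttl=300 negative_ttl=60 %LOGIN /usr/lib/squid/squid_ldap_group <options for your directory>

acl all src 0.0.0.0/0.0.0.0
acl authenticated proxy_auth REQUIRED
acl admins external ldap_group admins
acl nothing src 0.0.0.0/32
acl executables rep_mime_type -i ^application/octet-stream$

# Request side. "nothing" never matches, so this rule can never deny a
# request. The acls on a line are checked left to right, so "admins" is
# evaluated first: the LDAP lookup runs here, where Squid can wait for it,
# and the answer goes into the external acl cache. Keep "admins" to the
# left of "nothing", otherwise the line fails on "nothing" and the lookup
# is never made.
http_access deny admins nothing

# The rules that decide access come after the priming rule.
http_access allow authenticated
http_access deny all

# Reply side. "admins" is answered from the cache filled above, so no
# external lookup has to complete at this point.
http_reply_access allow admins
http_reply_access deny executables
http_reply_access allow all
```

The reply rules depend on the cached answer still being present when the response arrives, so a ttl shorter than the slowest expected origin response leaves room for the reply-side check to run without one.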
