Re: [squid-users] Cache_peer_access + NTLM groups

From: Henrik Nordstrom <[email protected]>
Date: Wed, 25 Aug 2004 19:14:30 +0200 (CEST)

On Wed, 25 Aug 2004, Dave Raven wrote:

> Is there any way that I might direct requests to different cache
> peers based on a group reply from an NTLM authentication?

Not reliably no. cache_peer_access only works reliably for fast acls where
Squid does not need to wait for any kind of external lookup to complete.

But if you make sure to evaluate the required acls in http_access and have
a sufficiently large ttl set for the external_acl_type then it will work
reasonably well and only very rarely will a request be routed the "wrong"
way.

acl's can be evaluated in http_access by using

http_access deny aclname !all

anywhere before your first accept rule. The !all makes sure the
http_access rule never triggers, making the only effect of the line that
the result of "aclname" is evaluated.

Regards
Henrik
Received on Wed Aug 25 2004 - 11:14:34 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT