Jonne Hannon wrote:
> Hi,
>
> I'm currently upgrading Squid and Smartfilter to a supported combination of squid 2.6STABLE18 + Smartfilter 4.2.1. Included in this mix is a redirection program, written in c. The redirection program was written to intercept all proxy requests and query LDAP to check if the user has accepted Internet usage terms and conditions. If the user has not accepted or needs to re-confirm acceptance, the browser is redirected to the terms and conditions website. If the user has a valid acceptance record then they can continue on the requested website.
>
> The redirector program reads from buffered stdout, queries LDAP and writes back to stdout using fprintf. This worked in squid 2.5, but using squid 2.6, the browser appears to timeout with no error reported back to the user. There is no log entry in the access.log, but there is a log entry in store.log that looks like the following:
>
> 1204259653.333 RELEASE -1 FFFFFFFF AF6C1D6C4B3CEF474FB849A84B6F9371 200 1204256053 1204256053 1204259653 application/cache-digest 817/817 GET internal://xxx.xxx.xxx.xxx/squid-internal-periodic/store_digest
>
> It appears to me that squid 2.6 is not receiving the output back from the redirector. Can you please advise how I can troubleshoot this further?
>
Are you sure this is done with a rediretor? How is it getting its user
info to query LDAP? Redirectors receive a bare URI.
You would probably be better off using basic auth (against LDAP) and a
special deny_info for when it fails.
To prevent popups there is a config trick:
acl authUsers proxy_auth REQUIRED
acl dummy_auth src all
http_access allow authUsers dummy_auth
deny_info http://.../conditions.html dummy_auth
Amos
-- Please use Squid 2.6STABLE17+ or 3.0STABLE1+ There are serious security advisories out on all earlier releases.Received on Mon Mar 03 2008 - 00:58:31 MST
This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:04 MDT