[Squid external acl scheme - Configuration]

Configuration

external_acl_type type-name [options] [FORMAT..] /path/to/helper [helper arguments..]
This option defines external acl types using a helper to look up the status

The helper receives lines per the FORMAT specification, and returns OK or ERR indicating the validity of the request.

FORMAT specifications

%LOGIN
Authenticated user login name
%IDENT
Ident user name
%SRC
Client IP
%DST
Requested host
%PROTO
Requested protocol
%PORT
Requested port
%METHOD
Request method
%{Header}
HTTP request header
%{Header:member}
HTTP request header list member
%{Header:;member}
HTTP request header list member, using ; as list separator. ; can be any non-alphanumeric character.

In addition, any string specified in the referencing acl will also be included in the helper request line, after the specified formats

acl name external type-name [argument...]
Defines an acl that uses a external helper type 'type-name'.

The optional argument to the acl is included in the call to the helper, for example allowing the same LDAP group lookup helper external_acl_type definition to be used to match a number of different groups in different ACL's.

The helper receives lines per the above format specification, and returns lines starting with OK or ERR indicating the validity of the request and optionally followed by additional keywords with more details.

General result syntax:

OK/ERR keyword=value ...

Defined keywords:

user=
The users name (login)
error=
Error description (only defined for ERR results)

Keyword values need to be enclosed in quotes if they may contain whitespace, or the whitespace escaped using \. Any quotes or \ characters within the keyword value must be \ escaped.


Squid Now! Cache Now! Valid HTML 4.0! SourceForge
$Id: config.html,v 1.10 2002/07/06 00:31:15 hno Exp $