[Squid external acl scheme - Configuration]

Configuration

external_acl_type type-name [options] [FORMAT..] /path/to/helper [helper arguments..]

This option defines external acl types using a helper to look up the status

The helper receives lines per the FORMAT specification, and returns OK or ERR indicating the validity of the request.

FORMAT specifications

%LOGIN

Authenticated user login name

%IDENT

Ident user name

%SRC

Client IP

%DST

Requested host

%PROTO

Requested protocol

%PORT

Requested port

%METHOD

Request method

%{Header}

HTTP request header

%{Header:member}

HTTP request header list member

%{Header:;member}

HTTP request header list member, using ; as list separator. ; can be any non-alphanumeric character.

In addition, any string specified in the referencing acl will also be included in the helper request line, after the specified formats

acl name external type-name [argument...]

Defines an acl that uses a external helper type 'type-name'.

The optional argument to the acl is included in the call to the helper, for example allowing the same LDAP group lookup helper external_acl_type definition to be used to match a number of different groups in different ACL's.

The helper receives lines per the above format specification, and returns lines starting with OK or ERR indicating the validity of the request and optionally followed by additional keywords with more details.

General result syntax:

OK/ERR keyword=value ...

Defined keywords:

user=

The users name (login)

error=

Error description (only defined for ERR results)

Keyword values need to be enclosed in quotes if they may contain whitespace, or the whitespace escaped using \. Any quotes or \ characters within the keyword value must be \ escaped.