Provided by: squid-openssl_5.6-1ubuntu3_amd64
ext_session_acl - Squid session tracking external acl helper. Version 1.2
ext_session_acl [-t timeout ] [-b database ] [-a]
ext_session_acl maintains a concept of sessions by monitoring requests and timing out sessions. The timeout is based either on idle use ( -t ) or a fixed period of time ( -T ). The former is suitable for displaying terms and conditions to a user; the latter is suitable for the display of advertisements or other notices (both as a splash page - see config examples in the wiki online). The session helper can also be used to force users to re-authenticate if the %LOGIN and -a are both used.
-t timeout Idle timeout for any session. The default if not specified (set to 3600 seconds). -T timeout Fixed timeout for any session. This will end the session after the timeout regardless of a user's activity. If used with active mode, this will terminate the user's session after timeout , after which another LOGIN will be required. LOGOUT will reset the session and timeout. -b path Path to persistent database. If a file is specified then that single file is used as the database. If a path is specified, a Berkeley DB database environment is created within the directory. The advantage of the latter is better database support between multiple instances of the session helper. Using multiple instances of the session helper with a single database file will cause synchronization problems between processes. If this option is not specified the session details will be kept in memory only and all sessions will reset each time Squid restarts its helpers (Squid restart or rotation of logs). -a Active mode. In this mode sessions are started by evaluating an acl with the argument LOGIN , or terminated by the argument LOGOUT . Without this flag the helper automatically starts the session after the first request.
The ext_session_acl helper is a concurrent helper; therefore, the concurrency= option must be specified in the configuration. Passive session configuration example using the default automatic mode external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/ext_session_acl acl session external session http_access deny !session deny_info http://your.server.example.com/bannerpage?url=%s session Then set up http://your.server.example.com/bannerpage to display a session startup page and then redirect the user back to the requested URL given in the url query parameter.
This program and documentation was written by Henrik Nordstrom <firstname.lastname@example.org> Andrew Beverley <email@example.com>
* Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. This program and documentation is copyright to the authors named above. Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
Questions on the usage of this program can be sent to the Squid Users mailing list <squid- firstname.lastname@example.org>
Bug reports need to be made in English. See http://wiki.squid- cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. Report bugs or bug fixes using http://bugs.squid-cache.org/ Report serious security bugs to Squid Bugs <email@example.com> Report ideas for new improvements to the Squid Developers mailing list <squid- firstname.lastname@example.org>
squid(8), GPL(7), The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq The Squid Configuration Manual http://www.squid-cache.org/Doc/config/ 9 October 2011 ext_session_acl(8)