]>
Commit | Line | Data |
---|---|---|
9e8f57e0 | 1 | .if !'po4a'hide' .TH ext_session_acl 8 "9 October 2011" |
b0c8f295 | 2 | . |
3 | .SH NAME | |
d632afde | 4 | ext_session_acl \- Squid session tracking external acl helper. |
83915266 | 5 | .PP |
9e8f57e0 | 6 | Version 1.2 |
b0c8f295 | 7 | . |
8 | .SH SYNOPSIS | |
c152a447 | 9 | .if !'po4a'hide' .B ext_session_acl |
83915266 AJ |
10 | .if !'po4a'hide' .B "[\-t" |
11 | timeout | |
12 | .if !'po4a'hide' .B "] [\-b" | |
13 | database | |
14 | .if !'po4a'hide' .B "] [\-a]" | |
b0c8f295 | 15 | . |
16 | .SH DESCRIPTION | |
c152a447 | 17 | .B ext_session_acl |
83915266 | 18 | maintains a concept of sessions by monitoring requests |
2be46d67 AB |
19 | and timing out sessions. The timeout is based either on idle use ( |
20 | .B \-t | |
21 | ) or a fixed period of time ( | |
22 | .B \-T | |
23 | ). The former is suitable for displaying terms and conditions to a user; the | |
2b61af8e | 24 | latter is suitable for the display of advertisements or other notices (both as a |
2be46d67 AB |
25 | splash page \- see config examples in the wiki online). The session helper can also be used |
26 | to force users to re\-authenticate if the | |
27 | .B %LOGIN | |
28 | and | |
29 | .B \-a | |
30 | are both used. | |
b0c8f295 | 31 | . |
83915266 AJ |
32 | .SH OPTIONS |
33 | .if !'po4a'hide' .TP 12 | |
34 | .if !'po4a'hide' .B "\-t timeout" | |
2be46d67 AB |
35 | Idle timeout for any session. The default if not specified (set to 3600 seconds). |
36 | . | |
37 | .if !'po4a'hide' .TP | |
38 | .if !'po4a'hide' .B "\-T timeout" | |
39 | Fixed timeout for any session. This will end the session after the timeout regardless | |
40 | of a user's activity. If used with | |
41 | .B active | |
42 | mode, this will terminate the user's session after | |
43 | .B timeout | |
44 | , after which another | |
45 | .B LOGIN | |
46 | will be required. | |
47 | .B LOGOUT | |
48 | will reset the session and timeout. | |
b0c8f295 | 49 | . |
83915266 AJ |
50 | .if !'po4a'hide' .TP |
51 | .if !'po4a'hide' .B "\-b path" | |
52 | .B Path | |
9e8f57e0 AB |
53 | to persistent database. If a file is specified then that single file is |
54 | used as the database. If a path is specified, a Berkeley DB database | |
55 | environment is created within the directory. The advantage of the latter | |
56 | is better database support between multiple instances of the session | |
57 | helper. Using multiple instances of the session helper with a single | |
2b61af8e | 58 | database file will cause synchronization problems between processes. |
9e8f57e0 AB |
59 | If this option is not specified the session details will be kept in |
60 | memory only and all sessions will reset each time Squid restarts its | |
61 | helpers (Squid restart or rotation of logs). | |
b0c8f295 | 62 | . |
83915266 AJ |
63 | .if !'po4a'hide' .TP |
64 | .if !'po4a'hide' .B \-a | |
b0c8f295 | 65 | Active mode. In this mode sessions are started by evaluating an |
92a0c1e0 AJ |
66 | acl with the argument |
67 | .B LOGIN | |
68 | , or terminated by the argument | |
935c292a | 69 | .B LOGOUT \. |
b0c8f295 | 70 | Without this flag the helper automatically starts the session after |
71 | the first request. | |
83915266 AJ |
72 | .SH CONFIGURATION |
73 | .PP | |
2be46d67 AB |
74 | The |
75 | .B ext_session_acl | |
76 | helper is a concurrent helper; therefore, the concurrency= option | |
77 | .B must | |
78 | be specified in the configuration. | |
79 | .PP | |
935c292a | 80 | Passive session configuration example using the default automatic mode |
83915266 | 81 | .if !'po4a'hide' .RS |
06fcded4 AJ |
82 | .if !'po4a'hide' .B external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/ext_session_acl |
83 | .if !'po4a'hide' .br | |
84 | .if !'po4a'hide' .B acl session external session | |
85 | .if !'po4a'hide' .br | |
86 | .if !'po4a'hide' .B http_access deny !session | |
87 | .if !'po4a'hide' .br | |
88 | .if !'po4a'hide' .B deny_info http://your.server.example.com/bannerpage?url=%s session | |
83915266 AJ |
89 | .if !'po4a'hide' .RE |
90 | .PP | |
06fcded4 AJ |
91 | Then set up |
92 | .B http://your.server.example.com/bannerpage | |
93 | to display a session startup page and then redirect the user back to the requested URL given in the url query parameter. | |
83915266 | 94 | . |
b0c8f295 | 95 | .SH AUTHOR |
8c2b74bc AJ |
96 | This program and documentation was written by |
97 | .if !'po4a'hide' .I Henrik Nordstrom <henrik@henriknordstrom.net> | |
9e8f57e0 | 98 | .if !'po4a'hide' .I Andrew Beverley <andy@andybev.com> |
b0c8f295 | 99 | . |
83915266 | 100 | .SH COPYRIGHT |
ca02e0ec | 101 | .PP |
f70aedc4 | 102 | * Copyright (C) 1996-2021 The Squid Software Foundation and contributors |
ca02e0ec AJ |
103 | * |
104 | * Squid software is distributed under GPLv2+ license and includes | |
105 | * contributions from numerous individuals and organizations. | |
106 | * Please see the COPYING and CONTRIBUTORS files for details. | |
107 | .PP | |
83915266 AJ |
108 | This program and documentation is copyright to the authors named above. |
109 | .PP | |
c871f41e | 110 | Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+). |
83915266 | 111 | . |
b0c8f295 | 112 | .SH QUESTIONS |
8c2b74bc AJ |
113 | Questions on the usage of this program can be sent to the |
114 | .I Squid Users mailing list | |
8311b837 | 115 | .if !'po4a'hide' <squid-users@lists.squid-cache.org> |
b0c8f295 | 116 | . |
117 | .SH REPORTING BUGS | |
c871f41e AJ |
118 | Bug reports need to be made in English. |
119 | See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. | |
120 | .PP | |
8c2b74bc | 121 | Report bugs or bug fixes using http://bugs.squid-cache.org/ |
83915266 | 122 | .PP |
8c2b74bc | 123 | Report serious security bugs to |
8311b837 | 124 | .I Squid Bugs <squid-bugs@lists.squid-cache.org> |
83915266 | 125 | .PP |
8c2b74bc AJ |
126 | Report ideas for new improvements to the |
127 | .I Squid Developers mailing list | |
8311b837 | 128 | .if !'po4a'hide' <squid-dev@lists.squid-cache.org> |
b0c8f295 | 129 | . |
83915266 | 130 | .SH SEE ALSO |
6d5cbee6 AJ |
131 | .if !'po4a'hide' .BR squid "(8), " |
132 | .if !'po4a'hide' .BR GPL "(7), " | |
133 | .br | |
134 | The Squid FAQ wiki | |
135 | .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq | |
136 | .br | |
137 | The Squid Configuration Manual | |
138 | .if !'po4a'hide' http://www.squid-cache.org/Doc/config/ |