]>
Commit | Line | Data |
---|---|---|
1 | .if !'po4a'hide' .TH ext_session_acl 8 "9 October 2011" | |
2 | . | |
3 | .SH NAME | |
4 | ext_session_acl \- Squid session tracking external acl helper. | |
5 | .PP | |
6 | Version 1.2 | |
7 | . | |
8 | .SH SYNOPSIS | |
9 | .if !'po4a'hide' .B ext_session_acl | |
10 | .if !'po4a'hide' .B "[\-t" | |
11 | timeout | |
12 | .if !'po4a'hide' .B "] [\-b" | |
13 | database | |
14 | .if !'po4a'hide' .B "] [\-a]" | |
15 | . | |
16 | .SH DESCRIPTION | |
17 | .B ext_session_acl | |
18 | maintains a concept of sessions by monitoring requests | |
19 | and timing out sessions. The timeout is based either on idle use ( | |
20 | .B \-t | |
21 | ) or a fixed period of time ( | |
22 | .B \-T | |
23 | ). The former is suitable for displaying terms and conditions to a user; the | |
24 | latter is suitable for the display of advertisments or other notices (both as a | |
25 | splash page \- see config examples in the wiki online). The session helper can also be used | |
26 | to force users to re\-authenticate if the | |
27 | .B %LOGIN | |
28 | and | |
29 | .B \-a | |
30 | are both used. | |
31 | . | |
32 | .SH OPTIONS | |
33 | .if !'po4a'hide' .TP 12 | |
34 | .if !'po4a'hide' .B "\-t timeout" | |
35 | Idle timeout for any session. The default if not specified (set to 3600 seconds). | |
36 | . | |
37 | .if !'po4a'hide' .TP | |
38 | .if !'po4a'hide' .B "\-T timeout" | |
39 | Fixed timeout for any session. This will end the session after the timeout regardless | |
40 | of a user's activity. If used with | |
41 | .B active | |
42 | mode, this will terminate the user's session after | |
43 | .B timeout | |
44 | , after which another | |
45 | .B LOGIN | |
46 | will be required. | |
47 | .B LOGOUT | |
48 | will reset the session and timeout. | |
49 | . | |
50 | .if !'po4a'hide' .TP | |
51 | .if !'po4a'hide' .B "\-b path" | |
52 | .B Path | |
53 | to persistent database. If a file is specified then that single file is | |
54 | used as the database. If a path is specified, a Berkeley DB database | |
55 | environment is created within the directory. The advantage of the latter | |
56 | is better database support between multiple instances of the session | |
57 | helper. Using multiple instances of the session helper with a single | |
58 | database file will cause synchronisation problems between processes. | |
59 | If this option is not specified the session details will be kept in | |
60 | memory only and all sessions will reset each time Squid restarts its | |
61 | helpers (Squid restart or rotation of logs). | |
62 | . | |
63 | .if !'po4a'hide' .TP | |
64 | .if !'po4a'hide' .B \-a | |
65 | Active mode. In this mode sessions are started by evaluating an | |
66 | acl with the argument | |
67 | .B LOGIN | |
68 | , or terminated by the argument | |
69 | .B LOGOUT \. | |
70 | Without this flag the helper automatically starts the session after | |
71 | the first request. | |
72 | .SH CONFIGURATION | |
73 | .PP | |
74 | The | |
75 | .B ext_session_acl | |
76 | helper is a concurrent helper; therefore, the concurrency= option | |
77 | .B must | |
78 | be specified in the configuration. | |
79 | .PP | |
80 | Passive session configuration example using the default automatic mode | |
81 | .if !'po4a'hide' .RS | |
82 | .if !'po4a'hide' .B external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/ext_session_acl | |
83 | .if !'po4a'hide' .br | |
84 | .if !'po4a'hide' .B acl session external session | |
85 | .if !'po4a'hide' .br | |
86 | .if !'po4a'hide' .B http_access deny !session | |
87 | .if !'po4a'hide' .br | |
88 | .if !'po4a'hide' .B deny_info http://your.server.example.com/bannerpage?url=%s session | |
89 | .if !'po4a'hide' .RE | |
90 | .PP | |
91 | Then set up | |
92 | .B http://your.server.example.com/bannerpage | |
93 | to display a session startup page and then redirect the user back to the requested URL given in the url query parameter. | |
94 | . | |
95 | .SH AUTHOR | |
96 | This program and documentation was written by | |
97 | .if !'po4a'hide' .I Henrik Nordstrom <henrik@henriknordstrom.net> | |
98 | .if !'po4a'hide' .I Andrew Beverley <andy@andybev.com> | |
99 | . | |
100 | .SH COPYRIGHT | |
101 | .PP | |
102 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors | |
103 | * | |
104 | * Squid software is distributed under GPLv2+ license and includes | |
105 | * contributions from numerous individuals and organizations. | |
106 | * Please see the COPYING and CONTRIBUTORS files for details. | |
107 | .PP | |
108 | This program and documentation is copyright to the authors named above. | |
109 | .PP | |
110 | Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+). | |
111 | . | |
112 | .SH QUESTIONS | |
113 | Questions on the usage of this program can be sent to the | |
114 | .I Squid Users mailing list | |
115 | .if !'po4a'hide' <squid-users@squid-cache.org> | |
116 | . | |
117 | .SH REPORTING BUGS | |
118 | Bug reports need to be made in English. | |
119 | See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. | |
120 | .PP | |
121 | Report bugs or bug fixes using http://bugs.squid-cache.org/ | |
122 | .PP | |
123 | Report serious security bugs to | |
124 | .I Squid Bugs <squid-bugs@squid-cache.org> | |
125 | .PP | |
126 | Report ideas for new improvements to the | |
127 | .I Squid Developers mailing list | |
128 | .if !'po4a'hide' <squid-dev@squid-cache.org> | |
129 | . | |
130 | .SH SEE ALSO | |
131 | .if !'po4a'hide' .BR squid "(8), " | |
132 | .if !'po4a'hide' .BR GPL "(7), " | |
133 | .br | |
134 | The Squid FAQ wiki | |
135 | .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq | |
136 | .br | |
137 | The Squid Configuration Manual | |
138 | .if !'po4a'hide' http://www.squid-cache.org/Doc/config/ |