[squid-users] external ACL based on requested port?
Kevin Kretz
2018-11-29 22:53:22 UTC
Hi,

I'm using an external ACL script to allow/limit access based on some factors including (authenticated) username, client IP, the domain of the requested URL.

I'd also like to base the access on the port of the destination. Most would just be 80 or 443, but I'd like to limit/allow access to particular ports with the external script based on the other factors (a rule that would allow a connection to domain.com on port 80 from user 'user' coming from his IP address, for example), so a simple "acl allow_port port 80" would be too broad.

It looks, though, like the <lp format code doesn't have a value until after the connection is made (or attempted) so I can't use it for this purpose.

Is there a way to provide the desired port to the external ACL along with the other information?


thanks

Kevin
Alex Rousskov
2018-11-29 23:43:26 UTC
Post by Kevin Kretz
I'd also like to base the access on the port of the destination.
Is there a way to provide the desired port to the external ACL along
with the other information?
How about using one of the following %codes?

[http::]>ru Request URL from client
[http::]>rP Request URL port from client

You may need to handle default ports on your own, and you may need to be
careful about requests on pinned connections (e.g., bumped HTTPS traffic
and connection-based authentication), but I think it should work in
principle.

Alex.
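
A helper that takes the port alongside the other factors and handles default ports itself, as an added example that is not code from the thread or from Squid. It assumes the helper receives user, client IP, `>ru` and `>rP` in that order without helper concurrency, and that a missing port arrives as a non-numeric placeholder such as `-`; the policy table and helper path are constructed.

```python
# Assumed squid.conf wiring (helper path is hypothetical):
#   external_acl_type dstport %LOGIN %SRC %>ru %>rP /usr/local/bin/dstport_acl.py
import sys
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed policy: (user, client IP, host) -> permitted destination ports.
POLICY = {
    ("user", "192.0.2.10", "domain.com"): {80},
    ("user", "192.0.2.10", "example.org"): {443, 8443},
}

def effective_target(url, port_field):
    """Return (host, port); fill in the scheme default when no port is given."""
    if "://" in url:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
    else:
        # CONNECT requests carry only "host:port", so there is no scheme.
        parts, scheme = urlsplit("//" + url), None
    host = (parts.hostname or "").lower()
    if port_field.isdigit():
        port = int(port_field)
    elif parts.port is not None:      # raises ValueError on a malformed port
        port = parts.port
    else:
        port = DEFAULT_PORTS.get(scheme)
    return host, port

def decide(line):
    """Map one request line from Squid to OK or ERR, failing closed."""
    fields = line.split()
    if len(fields) != 4:
        return "ERR"
    user, src, url, port_field = fields
    try:
        host, port = effective_target(url, port_field)
    except ValueError:
        return "ERR"
    if port is None or not 1 <= port <= 65535:
        return "ERR"
    return "OK" if port in POLICY.get((user, src, host), set()) else "ERR"

if __name__ == "__main__":
    for request in sys.stdin:
        sys.stdout.write(decide(request) + "\n")
        sys.stdout.flush()        # Squid waits for each answer line
```

Anything the helper cannot parse, and any tuple missing from the table, gets `ERR`, so an unexpected placeholder or URL form denies rather than allows.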
