My goal is to get an authenticating proxy with time quota to work (without needing captive portal) on pfSense/squid. For this it appears I need the ext_time_quota_acl helper apparently introduced in squid 3.3.

The squid backend package version reported by my pfSense is 4.12, but the ext_time_quota_acl helper is missing. Searching gives only a few hits, among them Ubuntu packages for squid 4.4 that provide this helper. What is going on here? Or has the helper been succeeded by similar functionality which I can't find?

EDIT: in the meantime I found out that in fact the configure options for the pfSense squid package don't include ext_time_quota_acl, i.e. it was compiled without this particular external helper. So I tried to compile from source in a FreeBSD VM, but have not been successful yet due to an apparent incompatibility with db.h (which appears to be Berkeley DB, but these come in many versions). It might actually be easier to write my own helper that just parses the squid log and matches timestamps and users, and keeps track of accesses (?).

Dharman
ppenguin

1 Answer

The pfSense squid package (and, it appears, many packages in Linux distros too) is compiled with an (arbitrary?) selection of external ACL helpers, but is often missing the time_quota helper.

The only solution appears to be to compile from source with the helper, which for pfSense is non-trivial for FreeBSD noobs.

What worked in a FreeBSD VM: building squid with additional/modified configure arguments (the original arguments were obtained from the package info on the pfSense installation).

Then the corresponding binary (squid-4.12/src/acl/external/time_quota/ext_time_quota_acl) can be copied over to the pfSense box.

The configure arguments for squid need some tweaking to get the time_quota external ACL to compile; the working arguments are here.

ppenguin
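The question also considers writing a custom helper instead of building ext_time_quota_acl. The sketch below is an added example (not code from the post or from Squid) of that idea done as an external ACL helper rather than a log parser; it assumes Squid passes the URL-encoded `%LOGIN` value as the first field of each stdin line with helper concurrency off, and the `TimeQuota` class, the `alice` budget and the 300-second pause are constructed for illustration.

```python
#!/usr/bin/env python3
"""Simplified time-quota external ACL helper (added example, not Squid's code)."""
import sys
import time
from urllib.parse import unquote


class TimeQuota:
    def __init__(self, budgets, period=86400, pause=300):
        self.budgets = budgets  # user -> seconds allowed per period (constructed)
        self.period = period    # length of one quota period, seconds
        self.pause = pause      # a gap this long or longer counts as idle time
        self.state = {}         # user -> (period_start, used_seconds, last_seen)

    def check(self, user, now):
        budget = self.budgets.get(user)
        if budget is None:
            return "ERR"  # fail closed: users without a budget get no time
        start, used, last = self.state.get(user, (now, 0.0, None))
        if now - start >= self.period:
            start, used, last = now, 0.0, None  # new period, reset usage
        if last is not None and now - last < self.pause:
            used += now - last  # requests close together count as continuous use
        self.state[user] = (start, used, now)
        return "OK" if used < budget else "ERR"


def main():
    # Assumed wiring: one helper process, result caching off, %LOGIN as the
    # only format token, so every request reaches this single in-memory state.
    quota = TimeQuota({"alice": 3600})
    for line in sys.stdin:
        fields = line.split()
        user = unquote(fields[0]) if fields else ""
        sys.stdout.write(quota.check(user, time.time()) + "\n")
        sys.stdout.flush()  # Squid waits for one reply line per lookup


if __name__ == "__main__":
    main()
```

Usage is held in memory only, so a helper restart resets every user's consumed time. Running more than one helper child, or letting Squid cache results through the `ttl` and `negative_ttl` options of `external_acl_type`, would make the helper undercount.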