Search squid archive

External Helper Question.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dist,
Squid Version: 2.6.STABLE13
OS: Solaris 10
Compiled With:
configure options: '--prefix=/usr/local' '--enable-mempool-debug' '--enable-xmalloc-statistics' '--enable-devpoll' '--enable-storeio=ufs aufs' '--enable-icmp' '--enable-delay-pools' '--enable-useragent-log' '--enable-referer-log' '--enable-ssl' '--disable-http-violations' '--enable-large-cache-files' '--enable-follow-x-forwarded-for' '--enable-auth=basic' '--enable-basic-auth-helpers=LDAP' '--enable-external-acl-helpers=ip_user ldap_group' '--with-pthreads' '--with-aio' 'CC=/usr/sfw/bin/gcc'
Integrations:
OpenLDAP: 2.3.35

Custom:
External Helper PERL program call: external_acl_type eXhelperI children=20 %LOGIN %{HOST} /usr/local/etc/squid/eXhelperI.pl

Question(on External Helper EH):
The PERL EH connects to a postgresql database, and checks the LOGIN(user ID, like 'linuxlouis') and requested HOST(or internet domain, like www.yahoo.com), if the LOGIN/HOST tuple exist in the database, the EH returns "OK\n" - permit site - IF, they do not exist in the database, the EH returns "ERR\n" - deny site.

When the webpage is fetched, usually it contains AD's or images that are not served from the HOST( like www.yahoo.com, has http//www.notyahoo.com/*.jpg files ) links as HREF tags in the main www.yahoo.com page. The result is that even though www.yahoo.com for LOGIN(linuxlouis) returns "OK\n" these extraneous sources of images/ad's etc, essentially get caught by Squid, due to the fact that probably the LOGIN/HOST(linuxlouis/www.notyahoo.com/some/image.jpg) will return ERR, because for linuxlouis, maybe we don't have www.notyahoo.com as a permissible site. Squid's behavior is for every HREF/URL embedded in the HTML content at a given site, Squid passes these also the EH to verify and rightly so...

"The question" is there a way to permit all of these additional extraneous sources of images/ad's, as in, is there a way to tell squid, "check the external helper for the LOGIN/HOST(website), if permitted 'allow all content too?' Or perhaps, should I consider rather using a custom redirector?

Any ideas would be great... thanks everyone!

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux