Chris Robertson wrote:
Julien P. wrote:
Hi everybody,
I am trying to use an external_acl_type to be able to filter internet
traffic according to specific User-agent headers and destination
(let's say you have the right to browse facebook only by using
Firefox).
this is my external acl:
external_acl_type getheaders %{User-Agent} %DST /etc/squid3/getheaders
acl myacl external getheaders
http_access allow myacl
this is my getheaders program:
(I runned it, and there are no permissions problem)
#!/bin/sh
while [ 1 ]
do
read agent
read DST
On Debian I'd do that as:
while read agent dst ;
do
or even better to protect from whitespace errors:
while read dst agent ;
do
... with the matching arg reversal in the squid.conf format.
date=`date`
echo "$date $agent" >> /var/log/squid3/headers.log
echo "$DST" >> /var/log/squid3/headers.log
echo "OK"
done
exit 1
That way you aren't kicking off a new helper for each request.
and this is what I get in the debug when I try to access facebook:
2009/04/16 21:17:16.481| aclMatchExternal: acl="getheaders"
2009/04/16 21:17:16.481| aclMatchExternal:
getheaders("Mozilla/5.0%20...............0Version/4.0%20Safari/528.16
www.facebook.com") = lookup needed
This just means that we don't have a cached entry for the query
"Mozilla/5.0...blah...blah www.facebook.com", and we have to ask the
external helper.
2009/04/16 21:17:16.481| externalAclLookup: lookup in 'getheaders' for
'Mozilla/5.0%20(Macintosh;%20U;%20In...........Version/4.0%20Safari/528.16
www.facebook.com'
2009/04/16 21:17:16.481| externalAclLookup: looking up for
'Mozilla/5.0%20(Macintosh;%20U;%20..............)%20Version/4.0%20Safari/528.16
www.facebook.com' in 'getheaders'.
2009/04/16 21:17:16.481| helperDispatch: Request sent to getheaders
#1, 167 bytes
2009/04/16 21:17:16.482| externalAclLookup: will wait for the result
of 'Mozilla/5.0%20(Macintosh...........0Safari/528.16
www.facebook.com' in 'getheaders' (ch=0x85a4760).
Apparently squid is waiting for a domain lookup that my getheaders
program should do.
Squid is waiting for a reply from your helper actually. The mystery is
why...
I am a bit lost as I thought that the only reply options are OK/ERR
With optional tags...
As I didn't find anything on google, if anybody has a clue, I would
appreciate the share! :-)
You state that you ran the script, and there were no permissions
problems. Who did you run it as? Did you give it input (and receive
output in return? Does the file "/var/log/squid3/headers.log" exist,
and does the Squid user have permission to write to it? Is there any
change if you specify (in the script) the full path to "echo"?
I am running the latest squid3 on debian
Question might be asked is: Debian what?
oldstable, stable, unstable, testing, experimental?
though I don't think that matters here.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
Current Beta Squid 3.1.0.7
