Hi Amos, thanks for the reply. It is now working like a charm. I hope that my CPU is not going to jump on 100% usage anymore :-). I'll let you know how things are going on! Thank you again. Julien Sent from San Francisco, California, United States On Thu, Apr 16, 2009 at 8:32 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > > Chris Robertson wrote: >> >> Julien P. wrote: >>> >>> Hi everybody, >>> I am trying to use an external_acl_type to be able to filter internet >>> traffic according to specific User-agent headers and destination >>> (let's say you have the right to browse facebook only by using >>> Firefox). >>> >>> this is my external acl: >>> >>> external_acl_type getheaders %{User-Agent} %DST /etc/squid3/getheaders >>> acl myacl external getheaders >>> http_access allow myacl >>> >>> >>> this is my getheaders program: >>> (I runned it, and there are no permissions problem) >>> >>> #!/bin/sh >>> >> >> while [ 1 ] >> do >>> >>> read agent >>> read DST > > On Debian I'd do that as: > > while read agent dst ; > do > > or even better to protect from whitespace errors: > > while read dst agent ; > do > ... with the matching arg reversal in the squid.conf format. > >>> date=`date` >>> echo "$date $agent" >> /var/log/squid3/headers.log >>> echo "$DST" >> /var/log/squid3/headers.log >>> echo "OK" >>> >> >> done >>> >>> exit 1 >>> >> >> That way you aren't kicking off a new helper for each request. >> >>> and this is what I get in the debug when I try to access facebook: >>> 2009/04/16 21:17:16.481| aclMatchExternal: acl="getheaders" >>> 2009/04/16 21:17:16.481| aclMatchExternal: >>> getheaders("Mozilla/5.0%20...............0Version/4.0%20Safari/528.16 >>> www.facebook.com") = lookup needed >>> >> >> This just means that we don't have a cached entry for the query "Mozilla/5.0...blah...blah www.facebook.com", and we have to ask the external helper. >>> >>> 2009/04/16 21:17:16.481| externalAclLookup: lookup in 'getheaders' for >>> 'Mozilla/5.0%20(Macintosh;%20U;%20In...........Version/4.0%20Safari/528.16 >>> www.facebook.com' >>> 2009/04/16 21:17:16.481| externalAclLookup: looking up for >>> 'Mozilla/5.0%20(Macintosh;%20U;%20..............)%20Version/4.0%20Safari/528.16 >>> www.facebook.com' in 'getheaders'. >>> 2009/04/16 21:17:16.481| helperDispatch: Request sent to getheaders >>> #1, 167 bytes >>> 2009/04/16 21:17:16.482| externalAclLookup: will wait for the result >>> of 'Mozilla/5.0%20(Macintosh...........0Safari/528.16 >>> www.facebook.com' in 'getheaders' (ch=0x85a4760). >>> >>> Apparently squid is waiting for a domain lookup that my getheaders >>> program should do. >>> >> >> Squid is waiting for a reply from your helper actually. The mystery is why... >> >>> I am a bit lost as I thought that the only reply options are OK/ERR >>> >> >> With optional tags... >> >>> As I didn't find anything on google, if anybody has a clue, I would >>> appreciate the share! :-) >>> >> >> You state that you ran the script, and there were no permissions problems. Who did you run it as? Did you give it input (and receive output in return? Does the file "/var/log/squid3/headers.log" exist, and does the Squid user have permission to write to it? Is there any change if you specify (in the script) the full path to "echo"? >> >>> I am running the latest squid3 on debian > > Question might be asked is: Debian what? > oldstable, stable, unstable, testing, experimental? > though I don't think that matters here. > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 > Current Beta Squid 3.1.0.7