On Sat, Mar 24, 2012 at 6:31 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 25/03/2012 7:23 a.m., Carlos Manuel Trepeu Pupo wrote: > >> On Thu, Mar 22, 2012 at 10:00 PM, Amos Jeffries wrote: >>> >>> On 23/03/2012 5:42 a.m., Carlos Manuel Trepeu Pupo wrote: >>>> >>>> I need to block each user to make just one connection to download >>>> specific extension files, but I dont know how to tell that can make >>>> just one connection to each file and not just one connection to every >>>> file with this extension. >>>> >>>> i.e: >>>> www.google.com #All connection that required >>>> www.any.domain.com/my_file.rar #just one connection to that file >>>> www.other.domain.net/other_file.iso #just connection to this file >>>> www.other_domain1.com/other_file1.rar #just one connection to that file >>>> >>>> I hope you understand me and can help me, I have my boss hurrying me !!! >>> >>> >>> There is no easy way to test this in Squid. >>> >>> You need an external_acl_type helper which gets given the URI and decides >>> whether it is permitted or not. That decision can be made by querying >>> Squid >>> cache manager for the list of active_requests and seeing if the URL >>> appears >>> more than once. >> >> Hello Amos, following your instructions I make this external_acl_type >> helper: >> >> #!/bin/bash >> result=`squidclient -h 192.168.19.19 mgr:active_requests | grep -c "$1"` >> if [ $result -eq 0 ] >> then >> echo 'OK' >> else >> echo 'ERR' >> fi >> >> # If I have the same URI then I denied. I make a few test and it work >> for me. The problem is when I add the rule to the squid. I make this: >> >> acl extensions url_regex "/etc/squid3/extensions" >> external_acl_type one_conn %URI /home/carlos/script >> acl limit external one_conn >> >> # where extensions have: >> >> \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|mpg|wma|ogg|wmv|asx|asf|deb|rpm|exe|zip|tar|tgz|rar|ppt|doc|tiff|pdf)$ >> >> http_access deny extensions limit >> >> >> So when I make squid3 -k reconfigure the squid stop working >> >> What can be happening ??? > > > * The helper needs to be running in a constant loop. > You can find an example > http://bazaar.launchpad.net/~squid/squid/3.2/view/head:/helpers/url_rewrite/fake/url_fake_rewrite.sh > although that is re-writer and you do need to keep the OK/ERR for external > ACL. Sorry, this is my first helper, I do not understand the meaning of running in a constant loop, in the example I see something like I do. Making some test I found that without this line : result=`squidclient -h 192.168.19.19 mgr:active_requests | grep -c "$1"` the helper not crash, dont work event too, but do not crash, so i consider this is in some way the problem. > > * "eq 0" - there should always be 1 request matching the URL. Which is the > request you are testing to see if its >1 or not. You are wanting to deny for > the case where there are *2* requests in existence. This is true, but the way I saw was: "If the URL do not exist, so can't be duplicate", I think isn't wrong !! > > * ensure you have manager requests form localhost not going through the ACL > test. I was making this wrong, the localhost was going through the ACL, but I just changed !!! The problem persist, What can I do ??? > > > Amos >
