OK so first goes first.(I will try to add more then I was asked)
Squid has an interface which allows it to communicate with other
software and let these softwares to make a "decision" and send it back
into squid which then decides what to do with it.
external_acl is an interface for a software which helpes squid decides
decisions for ACL rules.
A great example would be to write a software that receives from squid an
IP address and then tells back to squid if it's OK to allow this
client\user to access the web.
What you do want to achieve is possible but from my point of view maybe
a bit too much.
I remember that this same question was asked in the past and it is possible.
I have yet to test it on newer versions of squid but it seems to me like
there are no reasons for it to not work.
If you have a programming language that you are familiar with I will be
more then happy to give you an example of an external_acl in this
specific language.
There are couple examples in squid sources and I have written couple of
them in RUBY language.
The interface is explained in squid wiki and docs.
http://wiki.squid-cache.org/Features/AddonHelpers
When a program runs in linux world it has three channels of
communication which are called STDOUT STDIN and STDERR.
squid emulates this user interface and runs the program you have written
or selected.
Then it "throws" a line with the "question" in hands which is a client
requesting to access a web resource.
The program receives the request details on it's STDIN interface.
Then the software is expected by "squid" to send the "result" to the
question using it's STDOUT interface.
In bash we can use "read" to store the request details from squid and to
use "echo" to send the response back to squid.
The interface can be understood pretty fast after couple "experiments".
The ICAP service is an interface which is far more complex then the
external_acl or other simple interfaces that exists in squid.
Also the ICAP service communication is not using STDIN\STDOUT\STDERR but
uses TCP connections.
If you want to see some code about ICAP I have written in the past a
tiny ICAP service and the sources are at:
https://github.com/elico/squid-helpers/tree/master/echelon-mod
The version on github is not so "well done" and not updated.
Also there are pretty much more efficient pieces of software that can
provide more then my tiny ICAP service.
Please feel free to ask questions.
All The Bests,
Eliezer
On 30/12/13 16:53, yogii wrote:
Hello Amos,
thank you for your response. i actually don't know what is helper. in my
mind, based on ACL function (like rep_mime_time) i'm starts to thinking
about how to use external acl to matching content based on content-type,
then i want to assign this acl to set tos value.
i'm wondering if this could be achieve using this way.
Hello Eliezer,
thank you for your suggestion. i will learn more about ICAP. i'm apreciated
if you could explain to me about ICAP.
