On 03/22/2017 09:25 AM, Eliezer Croitoru wrote: > I didn't meant by convert the StoreID helper to convert it into an external_acl helper.... > It has both OK and ERR and a "checklist" which would be a match or not. Sigh. The combination of your answers does not make any sense to me. Squid does not use StoreID helpers to block access, regardless of what a StoreID helper returns. It is certainly possible to take some StoreID helper code and make an external_acl helper out of it, but that falls under my option #2. Perhaps what you meant to say is something like "Use StoreID helper X available at Y to implement option #2 -- that X code has everything you need!"? Alex. > -----Original Message----- > From: Alex Rousskov [mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx] > Sent: Wednesday, March 22, 2017 3:51 PM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Cc: Eliezer Croitoru <eliezer@xxxxxxxxxxxx> > Subject: Re: URL list from a URL > > On 03/21/2017 06:17 PM, Eliezer Croitoru wrote: >> The current StoreID helper can be converted pretty fast into what he needs. > > Jason needs to block access. How can a [converted] StoreID helper block > access without becoming an external_acl helper? > > Alex. > >> -----Original Message----- >> From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Alex Rousskov >> Sent: Tuesday, March 21, 2017 11:43 PM >> To: squid-users@xxxxxxxxxxxxxxxxxxxxx >> Subject: Re: URL list from a URL >> >> On 03/21/2017 02:30 PM, Jason B. Nance wrote: >> >>> I should have mentioned that I'm not caching, I'm only using Squid >>> for whitelisting in this case. Would you still say this is the right >>> path? >> >> No. You probably have two better options: >> >> 1. Use a file with list of mirror URLs as an ACL parameter. Write a >> script that updates that file and reconfigures Squid as needed. Please >> keep in mind that Squid reconfiguration is currently a relatively >> heavy/intrusive operation, even if there were not changes except for >> that single ACL. >> >> 2. Write an external_acl helper that will consult the mirror list. This >> will make each HTTP transaction a little slower (because it needs to go >> to the helper) but eliminates reconfigurations. The helper itself or >> some other script will still need to update the mirror list as needed, >> of course. >> >> >> HTH, >> >> Alex. >> >> >> >> >>>> Hello, >>>> >>>> I'm using Squid 3.5.20 and wonder if it is possible to define an ACL which retrieves the list of URLs from another URL (similar to pointing to a file). In this specific use case it is to allow a Foreman server to sync Yum content from the CentOS mirrors. I tell Foreman to use the following URL: >>>> >>>> http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates >>>> >>>> Which returns a list of URLs, such as: >>>> >>>> http://repo1.dal.innoscale.net/centos/7.3.1611/updates/x86_64/ >>>> http://linux.mirrors.es.net/centos/7.3.1611/updates/x86_64/ >>>> http://reflector.westga.edu/repos/CentOS/7.3.1611/updates/x86_64/ >>>> http://mirror.jax.hugeserver.com/centos/7.3.1611/updates/x86_64/ >>>> http://ftp.linux.ncsu.edu/pub/CentOS/7.3.1611/updates/x86_64/ >>>> http://mirror.nexcess.net/CentOS/7.3.1611/updates/x86_64/ >>>> http://mirror.web-ster.com/centos/7.3.1611/updates/x86_64/ >>>> http://centos.host-engine.com/7.3.1611/updates/x86_64/ >>>> http://mirror.raystedman.net/centos/7.3.1611/updates/x86_64/ >>>> http://mirror.linux.duke.edu/pub/centos/7.3.1611/updates/x86_64/ >>>> >>>> Foreman then starts a new HTTP connection (not a redirect) to attempt to connect to those in turn until it works. >>>> >>>> So I would like to configure Squid to allow the Foreman server access to any of those URLs (the list changes somewhat often). >>>> >>>> I started to go down the external_acl_type but am wondering if I'm missing something obvious. >> >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users >> > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users