
Re: Help: squid restarts and squidGuard die


I'm saying the purpose of the url_rewrite_* API in Squid is to tell
Squid whether the URL (only) needs some mangling in order for the
server/origin to understand it.
 It can re-write transparently with all the problems that causes to
security scopes and URL sync between the endpoints. Or redirect the
client to the "correct" URL.


The Squid http_access and similar *access controls* are the place for
access control - hint is in the naming. With external ACL type for
anything Squid does not support natively or well. As Flashdown mentioned
even calls to SquidGuard etc. can be wrapped and used as external ACLs.


Just want to add: in the beginning I thought about using a wrapper or writing one, but as I found out during testing at that time, SquidGuard gives back the right responses to Squid, so a wrapper was not needed, and the rewrite added in such a response is simply ignored by Squid and it works like a charm. I hope ufdbguard can be used as an external ACL helper natively as well. My config line:

external_acl_type squidguard ipv4 concurrency=0 children-max=XXX children-startup=XX ttl=60 %URI %SRC %{-} %un %METHOD /usr/bin/squidGuard

Taken out from my internal documentation:

"Manual testing:

echo "website.com 10.0.0.1/ - - GET" | squidGuard

Explanation of Responses:

ERR tells us: the access was not denied by SquidGuard, so either it is not part of the blacklists or it is listed in the whitelist.

BH message="squidGuard error parsing squid line" tells us: there was an error when checking your input; maybe you had a syntax error or there is an issue in SquidGuard. The message param gives more insight.

OK rewrite-url="https://127.0.0.1/"; tells us: the item was found on the blacklists and is blocked. BTW, Squid only sees the OK and ignores the rewrite command, since we didn't integrate it as a URL-rewrite program, which would have many disadvantages.

PS: This is just how an external ACL helper for Squid must work/respond. So Squid only takes ERR and BH including the message and OK. That's why I was able to implement it this way without writing a wrapper for it. "

Hope it helps, and I hope I can do the same with ufdbguard. The SquidGuard version I use is the latest one from the official Debian repositories.



---
Best regards,
Flashdown
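
Added example, not part of the original post and not Squid or SquidGuard code: a small Python parser that classifies helper reply lines using the OK / ERR / BH meanings given in the message above. The sample replies are constructed from the ones quoted in the post, and treating a malformed or unknown reply as a helper error is an assumption of this sketch.

```python
import shlex

# Meanings as described in the post for squidGuard used as an external ACL helper.
MEANING = {
    "OK": "blocked",        # ACL matches: URL was found on a blacklist
    "ERR": "allowed",       # no match: not blacklisted, or whitelisted
    "BH": "helper-error",   # helper could not evaluate the request
}

def parse_reply(line):
    """Split one reply line into (result code, {key: value})."""
    try:
        tokens = shlex.split(line.strip())   # honours message="quoted text"
    except ValueError:                       # e.g. unterminated quote
        return "BH", {"message": "unparsable reply"}
    if not tokens or tokens[0] not in MEANING:
        # Assumption of this sketch: anything unexpected counts as a helper error.
        return "BH", {"message": "unexpected reply"}
    pairs = {}
    for tok in tokens[1:]:
        key, sep, value = tok.partition("=")
        if sep:
            pairs[key] = value
    return tokens[0], pairs

def classify(line):
    """Return (verdict, message or None, list of keys the post says are ignored)."""
    code, pairs = parse_reply(line)
    # Per the post, the rewrite-url pair has no effect in external ACL mode.
    ignored = [k for k in pairs if k == "rewrite-url"]
    return MEANING[code], pairs.get("message"), ignored

if __name__ == "__main__":
    # Constructed sample replies, modelled on the ones quoted in the post.
    samples = [
        'ERR',
        'OK rewrite-url="https://127.0.0.1/"',
        'BH message="squidGuard error parsing squid line"',
        'OK rewrite-url="https://127.0.0.1/',   # truncated line
    ]
    for s in samples:
        print(f"{s!r:55} -> {classify(s)}")
```

Piping the output of the manual test command from the post into `classify` gives the same verdicts without reading the raw reply by eye.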