On 24/09/18 6:38 PM, uppsalanet wrote:
> Hi Amos,
> Today I have a conf like this:
> ....
> acl *LIB_domains* dstdomain .almedalsbiblioteket.se .alvin-portal.org
> .bibliotekuppsala.se
> http_access allow *LIB_domains*
> ....
>
> Now I also need to open for *.browzine.com*. The problem with
> *.browzine.com* is that it is a portal with many links to other sites. So I
> basically need to open up and maintain 400 sites in a squid ACL.
>
> I would like to take another approach then (but I don't know if it's
> possible):
> I know that browzine.com will reply 302 when trying to access a link on
> their site. *So I would like to accept all redirect (302) sites from
> browzine.com*.

Aha, that is clearer. Thank you.

I think you can possibly achieve this, but *only* because of those 302
existing. If the site were just a collection of links it would be very
much more difficult.

What I am thinking of is to use a custom external ACL script that
creates a temporary browsing session for a client when the 302 arrives,
then the SQL session helper to allow matching traffic through for the
followup request from that client.

You will need a database with a table created like this:

  CREATE TABLE sessions (
    id VARCHAR(256) NOT NULL PRIMARY KEY,
    enabled DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
  )

You need to write a script which receives an IP and a URL from Squid,
extracts the domain name from the URL, then adds a string "$ip $domain"
to that table as the id column, then returns the "OK" result to Squid.

The page at
<http://www.squid-cache.org/Versions/v4/manuals/ext_sql_session_acl.html>
has details of the SQL session helper that uses that table to check for
whitelisted domains.

Your config would look like:

  acl 302 http_status 302
  acl browzine dstdomain .browzine.com

  external_acl_type whitelist_add %SRC %<{Location} \
    /path/to/whitelist_script

  acl add_to_whitelist external whitelist_add

  http_reply_access allow browzine 302 add_to_whitelist
  http_reply_access allow all

  external_acl_type whitelist ttl=60 %SRC %DST \
    /usr/lib/squid/ext_sql_session_acl \
    --dsn ... --user ... --password ... \
    --table sessions --cond ""

  acl whitelisted external whitelist

  http_access allow whitelisted

To have sessions expire simply remove them from the database table.
Squid will start rejecting traffic there within 60 seconds of the removal.

HTH
Amos
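
The whitelist script described in the message above, as an added example that is not part of the original post or of Squid itself. It assumes the helper receives one "IP Location-URL" line per lookup (no concurrency channel ID) and that the sessions table lives in an SQLite file; DB_PATH and the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Added example: a whitelist_add helper for Squid (not from the original post)."""
import re
import sqlite3
import sys
from urllib.parse import unquote, urlsplit

# Assumption: SQLite file that the session helper's --dsn also points at.
DB_PATH = "/var/lib/squid/sessions.db"
# Strict hostname check so only a plain DNS name (or dotted IP) becomes a key.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$")

def session_id(line):
    """Turn one 'IP Location-URL' helper line into the 'ip domain' key, or None."""
    parts = line.split()
    if len(parts) != 2:
        return None
    ip, url = parts[0], unquote(parts[1])  # Squid URL-escapes helper input
    try:
        target = urlsplit(url)
        host = (target.hostname or "").lower().rstrip(".")
    except ValueError:
        return None
    if target.scheme not in ("http", "https") or not HOST_RE.match(host):
        return None  # relative redirect, missing header ("-"), or odd host
    return f"{ip} {host}"

def handle(db, line):
    """Record the session and return the helper reply for Squid."""
    key = session_id(line)
    if key is None:
        return "ERR"  # ACL does not match; nothing is whitelisted
    with db:  # commit per request so the lookup helper sees the row
        db.execute("INSERT OR IGNORE INTO sessions (id) VALUES (?)", (key,))
    return "OK"

def main():
    db = sqlite3.connect(DB_PATH)
    for line in sys.stdin:
        sys.stdout.write(handle(db, line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply line

if __name__ == "__main__":
    main()
```

The stored key is the exact host from the redirect, lowercased, so it only matches when %DST on the follow-up request is that same host.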