Eeehhhh, you were right.
It was a configuration directive. Even though putting 'http_access deny all' didn't fix the issue, I was able to make the loop run by commenting out the following configuration directives:
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access allow authenticated
Completely didn't realize they were preventing Squid from passing input into the script.
Thanks Alex!
Adrian
On Saturday, September 26, 2020, 10:17:53 AM CDT, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 9/25/20 4:28 PM, Ajb B wrote:
> So I have a external_acl_type helper script and it's not reading input
> from Squid.
>
> Here it is:
>
> redis-cli HSET 'test' data 'SCRIPT DID RUN' >/dev/null
>
> while read -s line; do
> redis-cli HSET 'test' data 'LOOP STARTED ' >/dev/null
> printf '%s\n' 'OK'
> done
>
> And here are my Squid configuration directives:
>
> external_acl_type ex_parent_proxy %LOGIN /etc/squid/squid-access-control.sh
> acl parent_proxy_1 external ex_parent_proxy
> http_access allow parent_proxy_1
>
> When I test it out, the 'SCRIPT DID RUN' value does get set in the
> database. However, 'LOOP STARTED' does not. Any idea why?
Perhaps access is granted (or denied) by an earlier http_access rule?
If no test transactions are currently denied, then, to test the above
theory, you can add an "http_access deny all" rule immediately
before/above your "http_access allow parent_proxy_1" rule and see
whether Squid starts denying any test transactions. If it does not, the
theory is probably correct.
Alex.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
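The behaviour diagnosed in this thread, as an added example that is not part of the original messages: a simplified Python model of Squid's first-match http_access evaluation, showing that an earlier matching rule decides the request before the external ACL helper is ever sent a line. The function names, the sample user, and the reduced ACL semantics are assumptions made for illustration.

```python
# Added example: simplified model of http_access evaluation (not Squid's code).
# CONFIG is constructed from the directives quoted in the thread.
CONFIG = """\
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
external_acl_type ex_parent_proxy %LOGIN /etc/squid/squid-access-control.sh
acl parent_proxy_1 external ex_parent_proxy
http_access allow parent_proxy_1
"""

def parse(conf):
    """Return (acls, rules): acl name -> (type, arg), plus ordered http_access rules."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3] if len(tok) > 3 else "")
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def evaluate(conf, user):
    """The first http_access line whose ACLs all match wins (ACLs on a line are ANDed).
    Returns (verdict, index of the deciding rule, external helpers queried)."""
    acls, rules = parse(conf)
    queried = []

    def matches(name):
        if name.startswith("!"):
            return not matches(name[1:])
        if name == "all":
            return True
        kind, arg = acls[name]
        if kind == "proxy_auth":      # REQUIRED: any authenticated user matches
            return user is not None
        if kind == "external":        # only at this point is the helper consulted
            queried.append(arg)
            return True               # assumption: helper replies OK, as in the thread
        return False

    for i, (action, names) in enumerate(rules):
        if all(matches(n) for n in names):   # stops at the first mismatch on a line
            return action, i, queried
    return "deny", None, queried      # simplification: no rule matched

def without_auth_rules(conf):
    """Mimic commenting out the proxy_auth directives."""
    return "\n".join(l for l in conf.splitlines() if "authenticated" not in l)

if __name__ == "__main__":
    print(evaluate(CONFIG, "adrian"))                      # helper never queried
    print(evaluate(without_auth_rules(CONFIG), "adrian"))  # helper queried
```

When reviewing a real squid.conf, read the http_access lines top to bottom: any external ACL placed below a rule that already matches the same traffic is never evaluated for it, so the helper enforces nothing for those requests.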