Re: squid 5.1: external_acl_type: Get public remote address

On 16/09/21 10:09 pm, David Touzeau wrote:
> Hi community, Squid fans
>
> I would like to use an external acl process for Geoip processing
>
> I have tried to set up squid to send the remote peer address using the %<a code, but it always replies with a "-"
>
> external_acl_type MyGeopip ttl=3600 negative_ttl=3600 children-startup=2 children-idle=2 children-max=20 concurrency=1 ipv4 %un %SRC %SRCEUI48 %>ha{X-Forwarded-For} %DST %ssl::>sni %USER_CERT_CN %note %<a /lib/squid3/squid-geoip
>
> acl MyGeopip_acl external MyGeopip
> http_access deny !MyGeopip_acl
>
> I was thinking that Squid calls the helper before resolving the remote route.

The problem is there is no server/peer connection at all for a transaction that has only been received and not yet processed by Squid.

> So to force it, I have added a "fake" acl to force Squid to calculate the remote address.
>
> acl fake_dst dst 127.0.0.2
> http_access deny !fake_dst !MyGeopip_acl
>
> But it failed too, the external_acl still receives the "-" instead of the remote public IP address of the server

Aye. There is still no server.

All this dst ACL changed was that Squid knows a group of IPs it *might* select from. The decision whether to use one of them (or somewhere entirely different) has not yet been made, so there is still no server.

The "%<a" displays the "last server or peer connection". It can change when automated retries are done, and is "-" at all points before any server contact.


Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
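
Added example (not part of the original thread and not Squid project code): a sketch of the helper side of the external_acl_type line quoted above, showing how the "-" sent for %<a arrives and how a helper can treat it as "no server yet" instead of trying to geolocate it. Assumptions: each format code arrives as one URL-encoded token after the channel-ID; the GEO table, the ALLOWED policy and the fallback to %DST are constructed for illustration.

```python
#!/usr/bin/env python3
import ipaddress
import sys
from urllib.parse import unquote

# Field order copied from the format codes in the external_acl_type line above.
FIELDS = ["un", "src", "srceui48", "xff", "dst", "sni", "cert_cn", "note", "server_ip"]

# Constructed sample data (documentation ranges) standing in for a GeoIP database.
GEO = {ipaddress.ip_network("192.0.2.0/24"): "FR",
       ipaddress.ip_network("198.51.100.0/24"): "US"}
ALLOWED = {"FR"}  # hypothetical policy


def parse(line):
    """Return (channel, fields); fields is None if the token count is wrong."""
    channel, *tokens = line.split()
    if len(tokens) != len(FIELDS):
        return channel, None
    # Squid URL-encodes each token and sends "-" for a value it does not have.
    values = [None if t == "-" else unquote(t) for t in tokens]
    return channel, dict(zip(FIELDS, values))


def country(text):
    """Country code for an IP literal; None for hostnames or unlisted addresses."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    return next((cc for net, cc in GEO.items() if ip in net), None)


def answer(line):
    """Build the reply line (channel-ID, result code, log= annotation)."""
    channel, fields = parse(line)
    if fields is None:
        return f"{channel} BH message=bad-field-count"
    # %<a is "-" while http_access runs (no server yet): use it only if present,
    # otherwise fall back to %DST (assumption of this example, not from the thread).
    source = "server_ip" if fields["server_ip"] else "dst"
    cc = country(fields[source] or "")
    verdict = "OK" if cc in ALLOWED else "ERR"
    return f"{channel} {verdict} log={source}:{cc or 'unknown'}"


if __name__ == "__main__":
    for raw in sys.stdin:
        if raw.strip():
            print(answer(raw), flush=True)
```

The log= value records which field the decision was based on, so access.log shows when the helper ran without a server address.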


