I got the external acl setup to work, it had some bugs but I notice something that maybe through configuration I can fix.
It's a configuration
external_acl_type CHECKOVERCUOTE concurrency=100 ttl=3 negative_ttl=10 children-max=50 children-startup=10 children-idle=5 %LOGIN /usr/lib/squid/ext_sql_session_acl --dsn "DBI:mysql:database=squidmgr" --user squidmgr --password squ1dmgr --table "proxy_usuario" --uidcol "identificador" --usercol "identificador" --cond "overcuote = 1" --debug
acl OVERCUOTE external CHECKOVERCUOTE
acl OVERCUOTE external CHECKOVERCUOTE
It generate: SELECT identificador AS 'user', '' AS 'tag' FROM proxy_usuario WHERE (identificador = ?) AND overcuote =1
UID queried: 'frizquierdo - ' # when user identifier authenticated on squid is 'frizquierdo'
The user identifier generated by the ext_sql_session_acl query is made up of the user identifier +space+ hyphen +space, for example (for 'frizquierdo' identifier, 'frizquierdo - ' is generated), so in the database it would have to be the user identifier stored in that format.
Is there a directive that guarantees that the parameter is not created that way?
El mié, 29 mar 2023 a las 8:00, <squid-users-request@xxxxxxxxxxxxxxxxxxxxx> escribió:
Send squid-users mailing list submissions to
squid-users@xxxxxxxxxxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.squid-cache.org/listinfo/squid-users
or, via email, send a message with subject or body 'help' to
squid-users-request@xxxxxxxxxxxxxxxxxxxxx
You can reach the person managing the list at
squid-users-owner@xxxxxxxxxxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of squid-users digest..."
Today's Topics:
1. Re: squid-users Digest, Vol 103, Issue 22 (Francisco)
----------------------------------------------------------------------
Message: 1
Date: Tue, 28 Mar 2023 11:46:29 -0400
From: Francisco <frizquierdo87@xxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: squid-users Digest, Vol 103, Issue 22
Message-ID:
<CAJXDOba8SokfbZWeG-GidyLb6-r-hJYG__qJCCF6iQ2zQJUE0g@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"
In my previous email I was missing part of the text when I sent it, I
deleted it by mistake.
This is what I have so far:
I try to make the following config:
external_acl_type CHECKOVERCUOTE ttl=5 negative_ttl=5 children-max=10
children-startup=5 %ACL /usr/lib/squid/ext_sql_session_acl --dsn
"DBI:mysql:database=squidmgr" --user squidmgr --password squidmgr --table
"proxy_usuario" uidcol "id" --usercol "identificador" --cond "overcuote=1"
--persist
acl OVERCUOTE external CHECKOVERCUOTE
http_access allow CONNECT SSL_ports !dominio_cuba usuarios_internet
macs_red_local red_local !OVERCUOTE
--cond "overcuote=1" is the field in database that it's set to 1 when user
calc overcuote.
if i try ext_sql_session_acl from terminal, i see:
ERR message="unknow UID ' '"
El mar, 28 mar 2023 a las 8:00, <squid-users-request@xxxxxxxxxxxxxxxxxxxxx>
escribi?:
> Send squid-users mailing list submissions to
> squid-users@xxxxxxxxxxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.squid-cache.org/listinfo/squid-users
> or, via email, send a message with subject or body 'help' to
> squid-users-request@xxxxxxxxxxxxxxxxxxxxx
>
> You can reach the person managing the list at
> squid-users-owner@xxxxxxxxxxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of squid-users digest..."
>
>
> Today's Topics:
>
> 1. Re: squid-users Digest, Vol 103, Issue 21 (Francisco)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 27 Mar 2023 18:09:10 -0400
> From: Francisco <frizquierdo87@xxxxxxxxx>
> To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: squid-users Digest, Vol 103, Issue 21
> Message-ID:
> <CAJXDObaQz4X2g=
> Y5Uh3U6NPmoafA-RygPWMvfED6bEYNszf_uA@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> Sorry, I don't understand how to combine *ext_sql_session_acl* with
> anothers acl of type dstdomain for example, becasue I need calc user's
> cuote only for an certains sites (domains, and sites).
>
>
> El lun, 27 mar 2023 a las 8:00, <squid-users-request@xxxxxxxxxxxxxxxxxxxxx
> >
> escribi?:
>
> > Send squid-users mailing list submissions to
> > squid-users@xxxxxxxxxxxxxxxxxxxxx
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > http://lists.squid-cache.org/listinfo/squid-users
> > or, via email, send a message with subject or body 'help' to
> > squid-users-request@xxxxxxxxxxxxxxxxxxxxx
> >
> > You can reach the person managing the list at
> > squid-users-owner@xxxxxxxxxxxxxxxxxxxxx
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of squid-users digest..."
> >
> >
> > Today's Topics:
> >
> > 1. Re: squid 5.7 Bad request from parent cache after squid -k
> > reconfigure (Amos Jeffries)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Mon, 27 Mar 2023 05:05:02 +1300
> > From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
> > To: squid-users@xxxxxxxxxxxxxxxxxxxxx
> > Subject: Re: squid 5.7 Bad request from parent cache
> > after squid -k reconfigure
> > Message-ID: <bfd2a571-02d1-2cff-690c-59caf55a0338@xxxxxxxxxxxxx>
> > Content-Type: text/plain; charset=UTF-8; format=flowed
> >
> > On 24/03/2023 2:34 pm, Francisco wrote:
> > > Hi, (first Iapologize for my English) I have a local squid proxy in
> > > forward mode, with parent cache. I'm trying calc and restrict
> > > authenticated users that reach the assigned cuote on certains domains
> > > and sites, and for that I store the access log into database that
> > > match determinates ACL.
> >
> > > Every one minute run an script that calc http_size for every user from
> > > database (leaving out logs records derived from TCP_HIT_, zero size,
> > > NONE, etc, etc), and those users that get her assigned limit, I put
> > > them into a file (that point to an access deny_rule), and make squid
> > > -k reconfigure.
> >
> > Constantly reconfiguring Squid has a large number of side effects such
> > as the one you noticed. Avoiding that is a good idea.
> >
> > I recommend having a table in the database with the details about
> > whether a user is allowed (or not). The ext_sql_session_acl helper can
> > check that table to allow/deny users.
> > ?<
> http://www.squid-cache.org/Versions/v4/manuals/ext_sql_session_acl.html
> > >
> >
> >
> > HTH
> > Amos
> >
> >
> > ------------------------------
> >
> > Subject: Digest Footer
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users@xxxxxxxxxxxxxxxxxxxxx
> > http://lists.squid-cache.org/listinfo/squid-users
> >
> >
> > ------------------------------
> >
> > End of squid-users Digest, Vol 103, Issue 21
> > ********************************************
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.squid-cache.org/pipermail/squid-users/attachments/20230327/48f4c47d/attachment-0001.htm
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> ------------------------------
>
> End of squid-users Digest, Vol 103, Issue 22
> ********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230328/fd60a036/attachment-0001.htm>
------------------------------
Subject: Digest Footer
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
------------------------------
End of squid-users Digest, Vol 103, Issue 23
********************************************
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users