Search squid archive

Re: Cannot get Squid to start with external ACL in config

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/25/23 13:49, deennyycsgo wrote:
Hello, I'm having an issue configuring an external ACL, the error i get is:

Can't use proxy auth because no authentication schemes are fully configured.
FATAL: ERROR: Invalid ACL: acl ext_acl external acl_name

Unfortunately, Squid requires at least one authentication scheme to be explicitly configured in squid.conf _before_ the first %LOGIN use. The existing error reporting does not make that fact clear enough IMHO.

To avoid the above two errors:

* either add "auth_param" directive(s) _above_ all external ACL declarations that use a %LOGIN format code;

* or remove %LOGIN (which probably will not contain anything useful without authentication configured anyway!).


HTH,

Alex.



Here is my config: acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT external_acl_type acl_name %SRC %LOGIN %DST /etc/squid/ext_acl.py acl ext_acl external acl_name http_access allow ext_acl http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localhost http_access deny all http_port 3128 coredump_dir /var/spool/squid3 refresh_pattern ^ftp:           1440  20%     10080 refresh_pattern ^gopher:        1440    0%      1440 refresh_pattern -i (/cgi-bin/|\?) 0     0%      0 refresh_pattern .           0       20%     4320

And here is the python script:
#!/usr/bin/python3
import sys
import logging
import time

def grant ():
       sys.stdout.write('OK\n')
       sys.stdout.flush()

def deny ():
       sys.stdout.write('ERR\n')
       sys.stdout.flush()

while True:
       line = sys.stdin.readline().strip()
       if line:
               deny()
       else:
               time.sleep( 1 )

The python script has 777 permissions and is owned by the proxy user.
Running it through the terminal results in expected output and expected behaviour.

I'm running Squid version 4.10 on Ubuntu Server 20.04 Thanks in advance!


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux