Search squid archive

Re: Fwd: cache_peer_access by dynamic ACL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Oh... Looks like I just need to send as answer the list of my policy acl, for example

user1 wanted to go over peer1 and peer3 
the answer from external script must be like  "OK proxy=peer1 proxy=peer3"  and looks like it works well like I need. User will go over peer1 and peer3 only by round-robin.

ср, 26 апр. 2023 г. в 15:40, Alexeyяр Gruzdov <my.shellac@xxxxxxxxx>:
Hello! 
Yes! 
Thank you! 


One more question pls: 

For example I have five of cache_peers and ACL associated  with some cache peer.
As you know - I used the my external ACL script and now I can put the policy to answer fo my script and squid will get an answer and used the correct ACL for username. 
For example answer is  "OK  proxy=peer1"  and user will be used the cache_peer1, or if "OK proxy=all" and user will go over all of cache_peers by round-robin.
All works well. 
But how I can put something like a list of ACL for user ?  for example  I want that some one user can go over peer1 and peer3 only, by round robin, but will be denied over peer2. peer4, peer5. Of course better using external ACL (as DB ). What do you think? 






пн, 24 апр. 2023 г. в 18:07, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>:
On 4/23/23 14:28, Alexeyяр Gruzdov wrote:

> One more may be last thing:  - I found the strange behavior  - if I make
> changes at my ext ACL script (its python ) and then "squid -k
> reconfigure"  then I can see that my script appears in the "TOP" of
> process and loads CPU to 100%

Check how your ACL script reacts to stdin closure/EOF. The script should
quit but probably does not. Same for any stdin reading errors. On EOF,
the script should use exit code zero. All these things are easy to test
on the command line (without Squid).

Alex.

> вс, 23 апр. 2023 г. в 16:36, Amos Jeffries <squid3@xxxxxxxxxxxxx
> <mailto:squid3@xxxxxxxxxxxxx>>:
>
>     On 23/04/2023 5:27 pm, Alexeyяр Gruzdov wrote:
>      > Hello Guys!
>      > Thank you very much! For now all works like I needed!
>      >
>      > But I have an one more  questions about how I could to use the
>     kv-pair:
>     ...
>      > and then ACL with “note proxy all “
>      > But how the kv-pair must to be looked for this my tag ?
>      >
>      > I have tried to get answer from my ext script like
>      > “OK”
>      > “proxy=all”
>      >
>      > But looks like it’s not correct
>      >
>
>     This part of the instructions were missed:
>     https://wiki.squid-cache.org/Features/AddonHelpers#helper-protocols
>     <https://wiki.squid-cache.org/Features/AddonHelpers#helper-protocols>
>     "
>     For every line sent by Squid exactly one line is expected back. Some
>     script language such as perl and python need to be careful about the
>     number of newlines in their output.
>     "
>
>     If your helper received something like this (with concurrency
>     channel-id
>     "1"):
>
>        "1 bob 192.0.2.1"
>
>     It should produce a line like:
>         "1 OK proxy=all"
>
>     If no concurrency channel-id is received, then output is the same but
>     without sending channel-id back and MUST be sent in same order as
>     received.
>
>     I do recommend using concurrency. It can help further debug issues with
>     helpers responding incorrectly.
>
>     HTH
>     Amos
>
>     _______________________________________________
>     squid-users mailing list
>     squid-users@xxxxxxxxxxxxxxxxxxxxx
>     <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
>     http://lists.squid-cache.org/listinfo/squid-users
>     <http://lists.squid-cache.org/listinfo/squid-users>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux