Hello Amos!
Thank you very much for you explanation!
To be honest I didn’t get really what this issue was. This was really strange.
Because ttl option of my external acl is 10 sec ( I really need this value )
Also I tried restart my squid docker and server at whole - and this didn’t help. I saw in the log just silence of calling of my external helper ACL. But this ext ACL helper must to call for each proxy request…..
Then I just to solved to restore from backup and got it working again. I tend to think that it is possible to change the config - although it looks doubtful….
Ok!
Thanks again !
On Sat, 3 Jun 2023 at 14:30, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 3/06/2023 3:14 am, Alexeyяр Gruzdov wrote:
> So.ok. Looks like this is misconfig....
> I just restore from backup and now works well
>
Great to hear. I will answer your question below anyway to help avoid
future issues...
> пт, 2 июн. 2023 г. в 18:05, Alexeyяр Gruzdov:
>
> Hello Guys!
>
> Could you explain me case when the external acl couldn't to be run
> by squid.
>
There are three cases when an "external" type ACL has troubles:
1) when there are OS permission issues with the helper binary/script.
This can show up as either Squid not being allowed to run the helper, or
as the helper existing (maybe "crashing") when it tries to use forbidden
resources.
2) when the ACL is being checked in a "fast" group (aka synchronous)
access check
The helper lookup is asynchronous, so does not work inn the synchronous
checks. However there is a cache of previous helper checks which may
have the result - so long as there is an identical previous lookup whose
result has not yet reached its TTL, this cache can supply the answer. So
external ACL can have the **appearance** of working in simple tests or
some types of traffic.
3) when the ACL is used conditionally
Squid helpers are only started as-needed. Immediately after startup
there may be traffic that goes through which does not need to check the
external ACL, so the helper does not get started for a while. Also, as
mentioned above there is the helper cache, so at time there may also be
traffic that gets answered by that instead of waiting on the helper
lookup. At times both of these may be having an effect, for example
after a helper crash/exit or reconfigure of Squid.
HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
