
Re: Dstdomain from external ACL


Hello! 

To get it working I used the following things:

1. In squid.conf  
      external_acl_type ext_proxy_url_acl_type ttl=10 children-max=30 children-startup=5 ipv4 %LOGIN %DST /etc/squid/ext_helper/ext_acl_urls.py
2. Inside of my acl_url_direct.conf
                   acl proxy_direct_url_mark_acl external ext_proxy_url_acl_type
                   acl proxy_direct_url_acl note url_name passed
3. Inside of http_acces.conf

                   http_access deny proxy_direct_url_mark_acl !all

4. My own helper reads the incoming arguments, such as the login and dst url, then checks the url in the DB, then replies something like:
                 OK url_name=passed   (if url is in DB)
                     or
                 ERR
   And of course if I get the OK I can use the acl called "proxy_direct_url_acl" in the policy I want.

My case as a whole is to pass the URLs to the cache_peers, but some URLs must be proxied on the server itself (without forwarding to the cache_peers).
I was curious to know how squid parses these URLs (to prevent problems in the future).

Best Regards.
Alexey

On Sat, 22 Jul 2023 at 12:12, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 22/07/23 17:20, Alexey Gruzdov wrote:
> Wow…
> Thank you so much !
>
> For now I used a simple .py script that checks if the url is in the table and
> sends reply OK or ERR, depending on the result.
>
> But allow me to ask you - how does squid parse the url???
> I think it uses regexp, is that true???

All parsers in the 'squid' binary perform full parse with validation.


>
> Because for example if I add the url to the DB like example.com
> (base url name)
> and the proxy request is even for something like example.com/page1/
>  - this will be matched. That’s great.
>

Oh, there are many moving parts involved there.

First is the HTTP request URL that Squid received, it could be any of
origin-form, authority-form, or relative-url.

(... probably you configured Squid to only send the URL domain name to
the helper.)

Second is what details you configured the external_acl_type directive to
pass on.

Third is how the helper receives its input. The helper I suggested uses
Perl string split to separate the concurrency channel-ID from the UID
portion and pack("H*",...) for binary safety.

Fourth is how the helper is using its input to lookup the database.
  The helper I suggested uses SQL "=" operator, whose matching is
string-wise exact equality.

As far as I know only the Perl string split is potentially using regex,
but not in any way which would cause the behaviour you describe.

If you are still using your own custom helper, look into how it is doing
those third and fourth things.


HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
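
An added example (not code from either poster or from the Squid project): a minimal Python helper for the "%LOGIN %DST" input configured above, answering in the reply format shown in the thread. It goes slightly beyond the thread by also accepting subdomains, but only on a label boundary, so the lookup never degrades into substring matching. The in-memory set stands in for the database, and URL-escaped input fields are an assumption.

```python
#!/usr/bin/env python3
"""Added example: external ACL helper for '%LOGIN %DST' input."""
import sys
from urllib.parse import unquote

# Constructed sample data standing in for the database table.
ALLOWED_DOMAINS = {"example.com", "intranet.example.org"}


def domain_allowed(host, allowed=ALLOWED_DOMAINS):
    """Exact match, or subdomain match on a label boundary only."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def handle_line(line, concurrency=False):
    """Return the helper reply for one request line from Squid."""
    fields = line.split()
    channel = ""
    if concurrency:
        # With concurrency=N the first token is the channel-ID,
        # which must be echoed back at the start of the reply.
        if not fields:
            return 'BH message="empty request"'
        channel = fields.pop(0) + " "
    if len(fields) != 2:
        return channel + 'BH message="expected LOGIN and DST"'
    # Assumption: fields arrive URL-escaped, so decode before comparing.
    _login, dst = (unquote(f) for f in fields)
    if domain_allowed(dst):
        return channel + "OK url_name=passed"
    return channel + "ERR"


def main():
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply; never buffer


if __name__ == "__main__":
    main()
```

Because %DST carries only the destination host, a request for example.com/page1/ reaches the helper as example.com, which is why a base-name entry matches without any path handling in the helper.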