Re: [squid-users] Dstdomain from external ACL

2023-07-23 Thread Alexeyяр Gruzdov
Hello!

To get it working I used the following:

1. In squid.conf
  external_acl_type ext_proxy_url_acl_type ttl=10 children-max=30 children-startup=5 ipv4 %LOGIN %DST /etc/squid/ext_helper/ext_acl_urls.py
2. Inside of my acl_url_direct.conf
   acl proxy_direct_url_mark_acl external ext_proxy_url_acl_type
   acl proxy_direct_url_acl note url_name passed
3. Inside of http_acces.conf

   http_access deny proxy_direct_url_mark_acl !all

4. My own helper reads the incoming arguments (login and dst URL), then
checks the URL in the DB and replies with something like:
 OK url_name=passed   (if the URL is in the DB)
 or
 ERR
   And of course, if I get OK I can use the ACL called
"proxy_direct_url_acl" in whatever policy I want.

My case as a whole is to pass URLs to the cache_peers, but some URLs
must be proxied on the server itself (without forwarding to the cache_peers).
I was curious to know how Squid parses these URLs (to prevent
problems in the future).



Best Regards.
Alexey

On Sat, 22 Jul 2023 at 12:12, Amos Jeffries wrote:

> On 22/07/23 17:20, Alexeyяр Gruzdov wrote:
> > Wow…
> > Thank you so much !
> >
> > For now I use a simple .py script that checks if the URL is in the table and
> > sends the reply OK or ERR, depending on the result.
> >
> > But allow me to ask you - how does Squid parse the URL???
> > I think it uses regexp, is that true???
>
> All parsers in the 'squid' binary perform full parse with validation.
>
>
> >
> > Because, for example, if I add the URL to the DB as example.com
> > (base URL name)
> > and the proxy request is even for example.com/page1/
> > - this will be matched. That’s great.
> >
>
> Oh, there are many moving parts involved there.
>
> First is the HTTP request URL that Squid received, it could be any of
> origin-form, authority-form, or relative-url.
>
> (... probably you configured Squid to only send the URL domain name to
> the helper.)
>
> Second is what details you configured the external_acl_type directive to
> pass on.
>
> Third is how the helper receives its input. The helper I suggested uses
> Perl string split to separate the concurrency channel-ID from the UID
> portion and pack("H*",...) for binary safety.
>
> Fourth is how the helper is using its input to lookup the database.
>   The helper I suggested uses SQL "=" operator, whose matching is
> string-wise exact equality.
>
> As far as I know only the Perl string split is potentially using regex,
> but not in any way which would cause the behaviour you describe.
>
> If you are still using your own custom helper, look into how it is doing
> those third and fourth things.
>
>
> HTH
> Amos
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

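An added example, not the poster's script or Squid project code: a minimal helper for the `%LOGIN %DST` format above. It shows why a request for example.com/page1/ matches a bare example.com entry (%DST carries only the host) and how label-aligned matching avoids over-matching hosts such as example.com.evil.test. The domain set is constructed sample data standing in for the DB; the code assumes no concurrency= channel ID and URL-escaped tokens.

```python
#!/usr/bin/env python3
# Added example (not the poster's script): external ACL helper for "%LOGIN %DST".
import sys
from urllib.parse import unquote

# Constructed sample data standing in for the DB table mentioned in the post.
# A leading dot also matches subdomains, as in Squid's dstdomain ACL type.
DIRECT_DOMAINS = {"example.com", ".intranet.example"}


def host_allowed(host, domains=DIRECT_DOMAINS):
    """Label-aligned match only; no substring, prefix or regex matching."""
    host = host.lower().rstrip(".")
    if host in domains:
        return True
    labels = host.split(".")
    # "a.b.c" is tested as ".a.b.c", ".b.c" and ".c"
    return any("." + ".".join(labels[i:]) in domains for i in range(len(labels)))


def handle_line(line, domains=DIRECT_DOMAINS):
    """Build the reply for one request line: '<login> <dst-host>'."""
    fields = line.split()
    if len(fields) != 2:
        return "ERR"  # malformed input never sets the note
    # Assumption: tokens arrive URL-escaped, so decode after splitting.
    _login, dst = (unquote(f) for f in fields)
    return "OK url_name=passed" if host_allowed(dst, domains) else "ERR"


def main():
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()  # Squid blocks on each reply, so never buffer


if __name__ == "__main__":
    main()
```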

Re: [squid-users] How to build Squid 6

2023-07-23 Thread Amos Jeffries

On 23/07/23 11:57, Henning Svane wrote:
> Hi Alex
>
> I have now followed the instruction below.
> All compiling and building was done without problems.
>
> When I run
> sudo systemctl status squid
> I get this message
> Unit squid.service could not be found.
> And /usr/sbin/squid does not exist
>
> What am I missing?



The instructions Alex gave will build Squid under a /usr/local directory.

To have Squid installed where the system package would put it you need 
these ./configure options:


--prefix=/usr \
--localstatedir=/var \
--libexecdir=${prefix}/lib/squid \
--datadir=${prefix}/share/squid \
--sysconfdir=/etc/squid \
--with-default-user=proxy \
--with-logdir=/var/log/squid \
--with-pidfile=/run/squid.pid





> I can see that the directory /etc/squid is not created. I guess I have to make it
> myself, correct?
> Can I use the old files from the old 5.2 installation?

If you wish to use the old config yes. Run "squid -k parse" first to see 
if there are any updates needed with the new version.


The /usr/lib/systemd/system/squid.service file from 5.2 might work, or 
you can also try the Debian 13 one attached.


HTH
Amos

## Copyright (C) 1996-2023 The Squid Software Foundation and contributors
##
## Squid software is distributed under GPLv2+ license and includes
## contributions from numerous individuals and organizations.
## Please see the COPYING and CONTRIBUTORS files for details.
##

[Unit]
Description=Squid Web Proxy Server
Documentation=man:squid(8)
After=network.target network-online.target nss-lookup.target

[Service]
Type=notify
PIDFile=/run/squid.pid
Group=proxy
RuntimeDirectory=squid
RuntimeDirectoryMode=0775
ExecStartPre=/usr/sbin/squid --foreground -z
ExecStart=/usr/sbin/squid --foreground -sYC
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
NotifyAccess=all

[Install]
WantedBy=multi-user.target