Re: [squid-users] Error from icap during respmod
On 2024-05-06 19:39, Arun Kumar wrote:
Are you aware of any compatible
Python or Java based iCAP server implemenation?
I am not aware of any Python- or Java-based ICAP service that I can
recommend. AFAIK, most folks looking for a free ICAP service (that
resist the temptation to reinvent a rather complex wheel) use c-icap,
but c-icap is written in C: https://c-icap.sourceforge.net/
Please note that if my triage is correct, then the issue here is not
"compatibility" with Squid. It is a serious ICAP service bug or
misconfiguration.
Good luck,
Alex.
We want to implement
custom virus scanning of the response.
I got the book /Squid: The Definitive Guide /and going over for more
understanding. Saw your name mentioned by the author. I am very proud to
work with great people like you.
On Thursday, May 2, 2024 at 04:18:45 PM EDT, Alex Rousskov
wrote:
On 2024-04-29 13:06, Arun Kumar wrote:
> Configured python based icap server (pyicap) and getting 500 Internal
> Server error during respmod.
AFAICT, this ICAP RESPMOD service is buggy: It sends what looks like an
HTTP response body chunk after sending an ICAP 100 Continue control
message. Instead, it is supposed to send the final ICAP response headers
and HTTP response headers _before_ sending that HTTP response body chunk.
00:50:54.989 ... ReadNow: conn33 ... size 65535, retval 25
ICAP/1.0 100 Continue
00:50:54.991 ReadNow: conn33 ... size 65535, retval 137
83
{"activity":...}
HTH,
Alex.
>
https://drive.google.com/file/d/19yirXfxKli7NXon4ewiy-v3GpLvECT1i/view?usp=sharing >
>
> Squid configuration:
> icap_enable on
> icap_send_client_ip on
> icap_send_client_username on
> icap_client_username_encode off
> icap_client_username_header X-Authenticated-User
> icap_preview_enable on
> icap_preview_size 1024
>
> icap_service service_req reqmod_precache bypass=0
> icap://127.0.0.1:13440/example
> icap_service service_resp respmod_precache bypass=0
> icap://127.0.0.1:13441/example
>
>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Dynamic ACL with local auth
for dynamic assignment you could could use domian based ACLs they are slow match however you could make a list to do this with From: squid-users on behalf of Albert Shih Sent: Wednesday, May 8, 2024 00:55 To: ngtech1...@gmail.com Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Dynamic ACL with local auth Le 06/05/2024 à 12:21:10+0300, ngtech1...@gmail.com a écrit Hi, > > The right way to do it is to use an external acl helper that will use some > kind of database for the settings. Ok. I will check that. > The other option is to use a reloadable ACLs file. But those this reload need a restart of the service ? > But you need to clarify exactly the goal if you want more then a basic advise. Well..pretty simple task I need to build a squid server to allow/deny people access to some data (website) because those website don't support authentication. But the rule of access “allow/deny” are manage in other place through another application. So the goal is to have some «thing» who going to retrieve the «permissions» of the user and apply the ACL on squid. It's not «ultra dynamic» the modification of the permissions will occur time to time. So even a reload will do.if the reload don't need a shutdown of squid. Thanks. Regards -- Albert SHIH 🦫 🐸 France Heure locale/Local time: mer. 08 mai 2024 09:51:00 CEST ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Dynamic ACL with local auth
On 8/05/24 19:55, Albert Shih wrote: Le 06/05/2024 à 12:21:10+0300, ngtech1ltda écrit Hi, The right way to do it is to use an external acl helper that will use some kind of database for the settings. Ok. I will check that. The other option is to use a reloadable ACLs file. But those this reload need a restart of the service ? But you need to clarify exactly the goal if you want more then a basic advise. Well..pretty simple task Ah, this is about equivalent to "just create life" level of simplicity. I expect that what you need is doable, but not in the way you are describing so far. (p-PS. If you can mention how much experience you have working with Squid configuration it will help us know how much detail we can skip over when offering options.) I need to build a squid server to allow/deny people access to some data (website) because those website don't support authentication. So Squid needs to authenticate. Is that every request or on a per-resource (URL) basis? A) needs only simple auth setup or B) needs auth setup, with ACL(s) defining when to authenticate But the rule of access “allow/deny” are manage in other place through another application. What criteria/details is this other application checking? Can any of its decision logic be codified as a sequence of Squid ACL types checked in some specific order? How are you expecting Squid to communicate with it? So the goal is to have some «thing» who going to retrieve the «permissions» of the user and apply the ACL on squid. Please explain/clarify what **exactly** a "permission" is in your design? Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Dynamic ACL with local auth
Hey Albert, It's preferable to use an external ACL compared to reloading the squid conf in general. It will probably require to use external acl helper with the authenticated username as a detail which is being sent to the helper. Let's take an example.org squid.conf for the "project". On what ports squid listens? 80 and 443? It's a reverse proxy or a forward proxy which is defined in the client browser? An "auto" reload of squid can be done using couple of systemd triggers. If it's enough for you I can try to research how it can be done and we will go on from there. If you wish to choose the "dark" path of external_acl helper development I will also be happy to try and assist you in my spare time (which is not a lot these days). Eliezer -Original Message- From: Albert Shih Sent: Wednesday, May 8, 2024 10:55 AM To: ngtech1...@gmail.com Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Dynamic ACL with local auth Le 06/05/2024 à 12:21:10+0300, ngtech1...@gmail.com a écrit Hi, > > The right way to do it is to use an external acl helper that will use some > kind of database for the settings. Ok. I will check that. > The other option is to use a reloadable ACLs file. But those this reload need a restart of the service ? > But you need to clarify exactly the goal if you want more then a basic advise. Well..pretty simple task I need to build a squid server to allow/deny people access to some data (website) because those website don't support authentication. But the rule of access “allow/deny” are manage in other place through another application. So the goal is to have some «thing» who going to retrieve the «permissions» of the user and apply the ACL on squid. It's not «ultra dynamic» the modification of the permissions will occur time to time. So even a reload will do.if the reload don't need a shutdown of squid. Thanks. Regards -- Albert SHIH 🦫 🐸 France Heure locale/Local time: mer. 08 mai 2024 09:51:00 CEST ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Dynamic ACL with local auth
Le 06/05/2024 à 12:21:10+0300, ngtech1...@gmail.com a écrit Hi, > > The right way to do it is to use an external acl helper that will use some > kind of database for the settings. Ok. I will check that. > The other option is to use a reloadable ACLs file. But those this reload need a restart of the service ? > But you need to clarify exactly the goal if you want more then a basic advise. Well..pretty simple task I need to build a squid server to allow/deny people access to some data (website) because those website don't support authentication. But the rule of access “allow/deny” are manage in other place through another application. So the goal is to have some «thing» who going to retrieve the «permissions» of the user and apply the ACL on squid. It's not «ultra dynamic» the modification of the permissions will occur time to time. So even a reload will do.if the reload don't need a shutdown of squid. Thanks. Regards -- Albert SHIH 🦫 🐸 France Heure locale/Local time: mer. 08 mai 2024 09:51:00 CEST ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
