On 7/7/20 1:00 PM, Eliezer Croitor wrote: > let say I have a set of regex for sni which are bypassed or IP addresses > that are allowed etc... > Then with an automated update script that will validate that an update is > possible and required, an update and reconfiguration will be applied.
I do not think it is a good idea to add such a script to the Squid repository because such a script will have virtually no Squid-specific code (and a lot of environment/business logic specifics that would be impossible to properly support in a simple sample script). Admins can easily script the "git pull && squid -k reconfigure" idea. There is no point in providing that kind of a sample. I can think of dozens of enhancements to that idea, but most of them are not about Squid, and most of them are environment-specific, making them poor candidate for inclusion in the official Squid repository. Cheers, Alex. > -----Original Message----- > From: Alex Rousskov [mailto:rouss...@measurement-factory.com] > Sent: Tuesday, July 7, 2020 4:54 PM > To: Eliezer Croitor; squid-dev@lists.squid-cache.org > Subject: Re: [squid-dev] External ACL Feed, helper? > > On 7/7/20 1:08 AM, Eliezer Croitor wrote: > >> I think that many proxy admins would like to have a script that will >> help them to update their ACLs from a feed. >> >> Ie they have a DB or a GIT repository that contains their ACLs data like >> IP addresses, domain names, sni patterns etc. > > * External ACL updates without Squid reconfiguration is available today. > > * Built-in ACL updates via Squid reconfiguration is available today. > > * Built-in ACL updates without full Squid reconfiguration is planned, > but it is a relatively complex low-priority project with no ETA. > Sponsors welcome. > > >> Would it be possible to add such helper to the project sources? > > If you are talking about a script that will automatically update an > external ACL helper configuration file based on DB/git/etc. interaction, > then I do not think it is a good idea to add such a script to the Squid > repository because such a script will have virtually no Squid-specific > code (and a lot of environment/business logic specifics that would be > impossible to properly support in a simple sample script). > > If you are talking about built-in ACL updates without full Squid > reconfiguration (i.e. the last bullet above), then such a feature does > not need an external Squid helper. It needs Squid code enhancements. > Most likely, it will be triggered by a standard reconfiguration signal > (but will zero-in on changed ACL parameter files by comparing file > timestamps). > > > Thank you, > > Alex. > _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
