On Tue, 19 Jul 2011 12:57:27 -0700, Zael Rey wrote:
Hello there I',m working in a script to filter with squid using:
external_acl_type myAclType %SRC %URI
/home/konrad/testing/myexternalacltype.pl
acl MyAcl external myAclType
http_access allow MyAcl
this is the script I have and for some reason its not working :
#!/usr/bin/perl -w
$|=1;
open(STDERR, ">/tmp/external_acl.log");
STDERR gets sent to squid cache.log by default. No need for this.
select(STDERR); $| = 1; # make unbuffered
select(STDOUT); $| = 1; # make unbuffered
print STDERR "INI: $$\n\n";;
use MIME::Base64 ();
while (<>) {
print STDERR "<--- $_\n\n";;
print "ERR\n";
}
Its supposed to block when it has ERR but it does not, it allows
always can you tell my whats wrong pls.
No. ERR means only that the ACL does not match. Will not be used, try
another line, do not pass go.
OK/ERR == true/false.
Syntax is:
http_access $ACTION $BOOLEAN-CONDITION
So "http_access ** MyAcl" is a rule about what to do when MyACL is
true. "OK".
the NOT operator (!) can be added, or the allow/deny action can be
changed. Giving you three outcomes of one line. ALLOWED/DENIED/SKIP.
<snip>
2011/07/19 11:42:32| helperHandleRead: 4 bytes from myAclType #1.
2011/07/19 11:42:32| commSetSelect: FD 7 type 1
2011/07/19 11:42:32| commSetEvents(fd=7)
2011/07/19 11:42:32| helperHandleRead: 'ERR
'
2011/07/19 11:42:32| helperHandleRead: end of reply found: ERR
<snip>
2011/07/19 11:42:32| cbdataValid: 0xb94307e0
2011/07/19 11:42:32| aclCheck: checking 'http_access deny MyAcl'
The cache.log also indicates that your earlier statement about
squid.conf was wrong.
The rule "http_access deny MyAcl" will block, whenever the ACL matches
(ie produces "OK"). Otherwise it will be SKIP.
Amos
