external_acl issues in 3.0

From: Joe Cooper <joe@dont-contact.us>
Date: Wed, 07 May 2003 23:44:27 -0500

Hi Henrik and all,

I'm seeing a couple of oddities in my testing of Squid 3.0, wrt
external_acl_type.

The first issue is that I can't make Squid shutdown. A 'squid -k
shutdown' just restarts her, with no errors. It takes a killall squid
to bring her down. It happens cleanly, if there's nothing going on
(maybe otherwise, since it's just a signal 15 kill), and starting up
again leaves no error messages. This does not happen without an
external_acl_type defined.

The second issue might just be a broken external ACL helper, but I don't
think Squid is handling it very well, if so.

I have a very simple cookie checker in perl:

#!/usr/bin/perl -w
#
# external ACL helper to check the value of a cookie
# Copyright 2003 Joe Cooper <joe@swelltech.com>

# This is the cookie to check for.
$COOKIE="\@download";

# Enable/disable debugging
$DEBUG=0;

# disable output buffering
$|=1;

sub debug {
         unless ($DEBUG) { return 0; }
         print STDERR "@_\n";
}

# cookie matches?
while (<STDIN>) {
         chop;
         &debug ("$_ received");
         $cookie=$_;
         &debug ("cookie is $cookie");
         if( $cookie =~ /$COOKIE/m) {
                 print "OK\n";
         } else { print "ERR\n"; }
}

And then I have the following external acl setup in squid.conf:

external_acl_type download concurrency=15 %{Cookie}
/usr/lib/squid/cookie_check.pl

acl DOWNLOAD external download
acl peng dstdomain penguinfeet.org
http_access deny !subscribed peng

Now, it's been a while since I've setup an external ACL, but I thought
this was the way I did it in the past. The problem is that when these
rules are in place, Squid will answer no requests. It simply closes the
connection immediately after receiving the request (i.e. I can telnet
in, issue a request, but then the connection is closed). No errors show
up in cache.log when starting up Squid, or when the client connection is
refused. Likewise, nothing appears in access.log.

Is this me, or is external ACL broken in some way?

Thanks!

-- 
Joe Cooper <joe@swelltech.com>
Web caching appliances and support.
http://www.swelltech.com
Received on Wed May 07 2003 - 22:44:33 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:52 MST