Re: Dynamic filtering features

From: Ahmed Obied <obieda@dont-contact.us>
Date: Sun, 23 Oct 2005 15:01:50 -0600 (MDT)

On Sat, 22 Oct 2005, Henrik Nordstrom wrote:

| But first please describe a bit of the approach you used. There are some minor
| design criteria of Squid which may cause a bit of a headache unless accounted
| for in the beginning.

The initial approach I used to make Squid filter URLs dynamically was
simple and I do strongly believe that it can be improved.

In the file "client_side.c", there is a function called
"clientAccessCheckDone" that checks if a given URL is in the access
control list and whether it should pass the request or redirect it to an
"Access Denied" page. All I did was add another check that calls one of
my functions, which does the dynamic filter test and returns either true
or false. To make things easier to extend or modify later on, I wrote all
my functions in a separate file called "dynamic.c" and linked it with
Squid's object files by modifying the Makefile.

Please note that in order for the dynamic feature to work correctly, there
must be a storage place where rules can be added or removed at any time.
Rules can be stored in a database or a file or memory. In my
implementation, I used a PostgreSQL database since it was the easiest. A
rule is defined as follows:

URL: the URL path (can be of the form "path" or "path/*")
Action: either allow or deny
Start date: defines what date the rule starts
End date: defines what date the rule ends
Start time: defines what time the rule starts
End time: defines what time the rule ends

Examples:

URL: http://www.squid-cache.org/
Action: deny
Start date: 23-10-2005
End date: 23-10-2005
Start time: 13:00
End time: 15:00

- If a user tries to open http://www.squid-cache.org/ on 23-10-2005 at
  12:00, then Squid will allow the request.
- If a user tries to open http://www.squid-cache.org/ on 23-10-2005 at
  13:10, then Squid will deny the request and redirect it to an "access
  denied" page.
- If a user tries to open http://www.squid-cache.org/ on 23-10-2003 at
  16:00, then Squid will allow the request.

I also would like to mention that I added the "*" support. For example, a
rule that has the following URL "http://www.squid-cache.org/*" will either
deny or allow access to any URL that starts with
"http://www.squid-cache.org/", etc.

Finally, all I did in the "dynamic.c" file is as follows:

- Given the current system date and time, query the database to find any
  rules such that the current system date and time fall within their start
  and end interval.
- Check the rule and either allow or deny.

Anyway, I think I talked way too much but I just wanted to explain how I
got it to work. I'm pretty sure there are better ways to do it so I'm
open to any suggestions.

Thanks,
Ahmed
Received on Mon Oct 24 2005 - 10:28:50 MDT
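
The rule check described in the message above, as an added example that is not part of the original post and not Squid's or the author's code. Assumptions: rules sit in an in-memory array instead of PostgreSQL, the names dyn_rule, sample_rules and dynamic_check are hypothetical, the start/end time window applies on each day inside the date range, the first active matching rule decides, and rule fields were validated when stored.

```c
#include <stdio.h>
#include <string.h>

/* One rule as defined in the post; held in memory here, not PostgreSQL. */
typedef struct {
    const char *url;                    /* "path" or "path/*" */
    int allow;                          /* 1 = allow, 0 = deny */
    const char *start_date, *end_date;  /* DD-MM-YYYY */
    const char *start_time, *end_time;  /* HH:MM */
} dyn_rule;

/* Constructed sample data: the example rule from the post. */
static const dyn_rule sample_rules[] = {
    { "http://www.squid-cache.org/", 0, "23-10-2005", "23-10-2005", "13:00", "15:00" },
};

/* DD-MM-YYYY -> YYYYMMDD so dates compare as integers; -1 if malformed. */
static long date_key(const char *s) {
    int d, m, y;
    return sscanf(s, "%d-%d-%d", &d, &m, &y) == 3 ? y * 10000L + m * 100 + d : -1;
}

/* HH:MM -> minutes since midnight; -1 if malformed. */
static int time_key(const char *s) {
    int h, mi;
    return sscanf(s, "%d:%d", &h, &mi) == 2 ? h * 60 + mi : -1;
}

/* Exact match, or prefix match when the rule URL ends in '*'. */
static int url_matches(const char *pattern, const char *url) {
    size_t n = strlen(pattern);
    if (n > 0 && pattern[n - 1] == '*') return strncmp(pattern, url, n - 1) == 0;
    return strcmp(pattern, url) == 0;
}

/* Returns 1 to allow, 0 to deny; with no active matching rule, allow. */
int dynamic_check(const dyn_rule *rules, size_t n, const char *url,
                  const char *date, const char *now) {
    long d = date_key(date), t = time_key(now);
    for (size_t i = 0; i < n; i++) {
        const dyn_rule *r = &rules[i];
        if (!url_matches(r->url, url)) continue;
        if (d < date_key(r->start_date) || d > date_key(r->end_date)) continue;
        if (t < time_key(r->start_time) || t > time_key(r->end_time)) continue;
        return r->allow;
    }
    return 1;
}
```

The comparison is byte-for-byte on the URL string as given, so a rule only covers the spelling it was stored with; a different host case or an encoded path does not match it.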
