Re: Dynamic ACL Regex's associated with authenticated user

From: louis gonzales <>
Date: Sun, 04 Mar 2007 19:22:01 -0500

Hello Henrik,
I've been working with Squid without sleep for the last couple of days.
I got access into an external PERL helper program using "basic" auth_param.
My original external_acl_type line looks like:

external_acl_type eXhelper %LOGIN /path/to/MY/ - then of
course I call this via an ACL-operator.

This is great the user ID/PW pair gets read into the PERL program and I
can then check with Postgres and OpenLDAP.

My question for the Development group:
Q: If I want to use " external_acl_type eXhelper %LOGIN %{Header}
/path/to/MY/ "
How can my PERL program read the contents of %{Header}?

Basically, I wan to have the PERL program have visibility into the HTTP
Request that invoked Squid. There really isn't any documentation on
these other arguments that can be 'passed' to the external helpers.

Thoughts/Insight would be very appreciated! Thanks for your help.

A few friends of mine - 4 of us in total - are working on a major Squid
related project for 'fun.'
One has his doctoral degree in Physics from University of Michigan
One is a Medical Anesthesiologist also UofM
Myself and Friend number 3, are computer scientists from Eastern
Michigan University - I'm working on my Math degree from Michigan State

When we have our 'working pilot' - I expect maybe 3 months at most down
the road, we could share our project details with your team, and
potentially share some of our code and integrations.

I look forward to hearing back from you. Thanks again.

Sind sie Deutscher?

Henrik Nordstrom wrote:

>tis 2007-02-06 klockan 00:14 -0500 skrev louis gonzales:
>>Is the process to tap into a database for regex's(which are stored in a
>>database) as easy as using the external_acl to call, for instance a PERL
>>program which can search the database via DBI, which can check if the
>>%LOGIN id is permitted or prohibited to get this web content, and send
>>back the response(OK or ERR), at which point Squid will either
>>permit/prohibit based on the associated (acl, http_access) pair?
>>Maybe in the months coming down the road, my friend and I can contribute
>>to PERL development of some additional 'helper' functions, which can be
>>shipped/bundled with Squid to allow for database access OOTB?
>>What kind of commitment does your group look for?
>Whatever you can provide.

"Open the pod bay doors HAL!" -2001: A Space Odyssey
"Good morning starshine, the Earth says hello." -Willy Wonka
Received on Sun Mar 04 2007 - 17:22:10 MST

This archive was generated by hypermail pre-2.1.9 : Sun Apr 01 2007 - 12:00:01 MDT