Re: Reading ACL configuration files every request from Amos Jeffries on 2011-11-06 (squid-dev)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 07 Nov 2011 11:59:01 +1300

On Sun, 06 Nov 2011 21:29:03 +0000, Andrew Beverley wrote:
> On Sun, 2011-11-06 at 14:17 +1300, Amos Jeffries wrote:
>> On 6/11/2011 1:39 p.m., Andrew Beverley wrote:
>> > Hi,
>> >
>> > I am using the ACL feature whereby the parameters can be read from
>> a
>> > file. For example:
>> >
>> > acl session_day time "/var/www/announce_days.txt"
>> >
>> > Understandably, the file only appears to be read when the
>> configuration
>> > file is parsed, rather than each time the ACL is checked. However,
>> I
>> > need it to be checked more often, as I have a system configuration
>> > interface that writes a day of the week to the file, which
>> subsequently
>> > causes a splash page to be shown on a particular day. I would like
>> > configuration to be done without having to reload the Squid
>> > configuration file.
>> >
>> > Would any consideration be given to a patch to check the ACL file
>> more
>> > often? Could/should it be an extra configuration option to check
>> the
>> > file each request? I appreciate that this would come with a
>> greater
>> > overhead. Is there a better way to achieve this?
>>
>> A better way currently available would be to use an external_acl
>> helper
>> to read and response OK/FAIL. You probably want to pass something
>> relatively static (%PROTO or %METHOD) as the ACL format to reduce
>> the
>> overheads. With time calculations vs "now" you can ignore the actual
>> input format.
>
> Good idea, thanks. I've now written a little perl helper to do this.
>
> It would be nice to add this to the main squid source code. Shall I
> just
> submit as a bzr diff as normal? Is there any documentation for the
> external helpers that I should also add to?
>

Well, in light of the facts that new helpers are only being added to
3.3 now and that live re-configuration via POST to the manager is very
close now I'm not sure how much use this would be.

> On a similar subject, is there any mileage in making the FORMAT
> optional
> for external_acl_type? There is obviously no need for it in this
> case,
> although as you have shown it is easy to workaround with a fairly
> static
> parameter.

The long term plans are to make the external ACL format merge with log
line format codes and add a format= option. Allowing far more
flexibility in the format syntax.

I've just added support for the '%%' token which can be used for a
completely static placeholder.

Amos
Received on Sun Nov 06 2011 - 22:59:05 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 09 2011 - 12:00:08 MST