Re: acl, http_access, and urlpath_regex

josh@saratoga.lib.ny.us wrote:

> Is there a way to source a file into squid.conf?

Only in individual acl definitions.

It is however not very hard to set up my or cpp preprocessing to
generate the runtime squid.conf.

> Does it matter if I mix up acl and http_access lines

No, not as long as the acl names is defined before you use them in
http_access.

> # acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL\ path
>
> Which to me is unclear. My expectation is that \.gif should match the
> .gif at the end. Do I need to put the '$' in or is it implied.

\. matches a dot
gif matches the three letters "g" "i" "f"
$ matches the end.

> Since my attempt to use the above resulted in all cgi-bin directories
> becoming unreachable

Well /cgi-bin/something.cgi matches bin, and so does binoculars.

> On the other hand a similar line of documentation for url_regex
> says shows the "^http://" in the documentation line even though
> it is always implied.

It is not implied. There could be other protocols, for example ftp: or
gopher:

> So in the cases using urlpath_regex should I assume that there are no
> implied symbols? Is "acl aclname url_regex whatever.com" equivalent
> to "acl aclname urlpath_regex ^http://whatever.com" ?

urlpath_regex only matches the path after the server name

Lets take a URL like

http://www.example.com:8080/some/path/to/a/file.txt

Divided up on the different ACL types:
protocol matches http
dstdomain and dstdom_regex matches www.example.com
dst matches the IP address of www.example.com
port matches 8080
urlpath_regex matches /some/path/to/a/file.txt
url_regex matches the while URL

All regex ACL types uses so called "extended" regular expression,
matching the string of the acl type scope.

A nice tool for playing around with "extended" regular expressions is
egrep. Make a text file with different patterns you want to match or
not, and then try different expressions using egrep.

--
Henrik Nordstrom
Squid hacker