Re: [squid-users] redirect_program and non-redirection

>
> Tuc at T-B-O-H.NET wrote:
> >> Tuc at T-B-O-H.NET wrote:
> >>> Hi,
> >>>
> >>> I'm having an issue I'm not sure why. Unfortunately I'm
> >>> not at the site to see the problem, so debugging is a bit difficult.
> >>>
> >>> I have :
> >>>
> >>> redirect_program /usr/local/bin/squidintercept.pl
> >>>
> >>> And the program (as mentioned before) is fairly generic.
> >>> If its a "GET", if the URL ends in "/", and if they aren't in a
> >>> db, send a 302 to a webpage on my webserver.
> >>>
> >>> I'm getting the GET match, I'm getting the "/" match, and
> >>> I'm getting the 302... But it seems like the browser just ignored it
> >>> and goes on its merry way...
> >>>
> >>> The hit that triggers it is :
> >>>
> >>> 192.168.3.3 - - [09/May/2008:07:48:01 -0400] "GET http://www.brockport.k12.ny.us/ HTTP/1.1" 302 191 "http://search.live.com/results.aspx?srch=105&FORM=IE7RE&q=brockport+central" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" TCP_MISS:NONE
> >>>
> >>> Which you see the 302, but then :
> >>>
> >>> 192.168.3.3 - - [09/May/2008:07:48:02 -0400] "GET http://dss1.siteadvisor.com/DSS/Query? HTTP/1.1" 200 1684 "-" "SiteAdvisor" TCP_MISS:DIRECT
> >>> 192.168.3.3 - - [09/May/2008:07:48:02 -0400] "GET http://www.brockport.k12.ny.us/pix/home/topLogo.gif HTTP/1.1" 304 427 "http://www.brockport.k12.ny.us/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" TCP_IMS_HIT:NONE
> >>> 192.168.3.3 - - [09/May/2008:07:48:02 -0400] "GET http://www.brockport.k12.ny.us/pix/home/topSpacer.gif HTTP/1.1" 304 427 "http://www.brockport.k12.ny.us/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" TCP_IMS_HIT:NONE
> >>> 192.168.3.3 - - [09/May/2008:07:48:02 -0400] "GET http://www.brockport.k12.ny.us/pix/home/intranetLink.gif HTTP/1.1" 304 427 "http://www.brockport.k12.ny.us/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" TCP_IMS_HIT:NONE
> >>>
> >>> As if the 302 is totally ignored. Atleast before when they
> >>> were matching I saw :
> >>>
> >>> 192.168.3.3 - - [07/May/2008:18:01:05 -0400] "GET http://www.example.com/guest/request.html HTTP/1.1" 200 4055 "http://search.live.com/results.aspx?srch=105&FORM=IE7RE&q=brockport+central" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" TCP_REFRESH_HIT:DIRECT
> >>> 192.168.3.3 - - [07/May/2008:18:01:06 -0400] "GET http://www.example.com/HOME.png HTTP/1.1" 200 1245 "http://www.example.com/guest/request.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" TCP_MISS:DIRECT
> >>> 192.168.3.3 - - [07/May/2008:18:01:06 -0400] "GET http://www.example.com/spacer.gif HTTP/1.1" 200 1347 "http://www.example.com/guest/request.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" TCP_MISS:DIRECT
> >>>
> >>> It seems, though, after that, either the 302 wasn't abided
> >>> by.
> >>>
> >>> Places to look?
> >>>
> >>> Thanks, Tuc
> >> Start with squid -v
> >>
> >> We need to know what version you are talking about in order to provide
> >> good help.
> >>
> > Very sorry.
> >
> > Squid Cache: Version 2.6.STABLE20+ICAP
> > configure options: '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--da
> > tadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstat
> > edir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-pol
> > icies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-
> > epoll' '--enable-auth=basic ntlm digest' '--enable-basic-auth-helpers=DB NCSA PA
> > M MSNT SMB YP' '--enable-digest-auth-helpers=password' '--enable-external-acl-he
> > lpers=ip_user session unix_group wbinfo_group' '--enable-ntlm-auth-helpers=SMB'
> > '--enable-negotiate-auth-helpers=squid_kerb_auth' '--with-pthreads' '--enable-st
> > oreio=ufs diskd null aufs coss' '--enable-delay-pools' '--enable-snmp' '--enable
> > -ssl' '--with-openssl=/usr' '--enable-icmp' '--enable-htcp' '--enable-forw-via-d
> > b' '--enable-cache-digests' '--enable-wccpv2' '--enable-referer-log' '--enable-u
> > seragent-log' '--enable-arp-acl' '--enable-pf-transparent' '--enable-ipf-transpa
> > rent' '--enable-follow-x-forwarded-for' '--enable-icap-support' '--with-large-fi
> > les' '--enable-large-cache-files' '--enable-stacktraces' '--enable-err-languages
> > =Armenian Azerbaijani Bulgarian Catalan Czech Danish Dutch English Estonian Fin
> > nish French German Greek Hebrew Hungarian Italian Japanese Korean Lithuanian P
> > olish Portuguese Romanian Russian-1251 Russian-koi8-r Serbian Simplify_Chinese
> > Slovak Spanish Swedish Traditional_Chinese Turkish Ukrainian-1251 Ukrainian-ko
> > i8-u Ukrainian-utf8' '--enable-default-err-language=English' '--prefix=/usr/loca
> > l' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' 'i386-portbld-freebsd7
> > .0' 'build_alias=i386-portbld-freebsd7.0' 'host_alias=i386-portbld-freebsd7.0' '
> > target_alias=i386-portbld-freebsd7.0' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasing -
> > pipe -I/usr/include -g' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib -L/usr/lib' '
> > CPPFLAGS='
> >
> >> Second is looking at you redirector. Is it now sending 302 and an
> >> unchanged URL out?
> >>
> > In the perl program it sends :
> >
> > print "302:http://www.example.com/guest/request.html\n";
> >
> > when I want them to be redirected :
> >
> > @X = split;
> > $url = $X[0];
> > print "$url\n";
> >
> > If not.
> >> Then the redirect_access?
> >>
> > Eh? Whats dat?
>
> Small typo on my part. But that name is now obsolete. It's a
> url_rewrite_* control.
> http://www.squid-cache.org/Versions/v2/2.6/cfgman/url_rewrite_access.html
>
> You could use that coupled with a urlpath_regex ACL to get around your
> troublesome re-writer logics and only pass the URI you want to re-write
> to the re-writer.
>
        I have to use a regex either way. I'd rather it be in a perl
program where I can test more. I don't mind passing everything to the
rewriter. If its not a get, or doesn't match /\/$/ it gets passed along.
Its troublesome only in that I've not found the perfect regex I want
to use. If I do /[com|edu|net|us|org]\// then it means they have to
visit the MAIN page of the site. I still want to capture them if they
go to http://www.example.com/some/subdirectory/ . The problem is that
I've run into CGI's that are using "/" to pass field information
along. (Admittedly, I do the same myself for CGI's I've written, but
I NEVER end with a "/" hanging out in the breeze)
>
> Then again. With the same ACL you could do a fancy deny_info redirection
> instead of re-writing anything:
>
> acl known_ips src ./database_of_non-redirected_ips
> acl redirect urlpath_regex ^/$
> deny_info http://somewhere.example.com redirect
> http_access deny !known_ips redirect
>
        But I don't want to redirect 100% of the time. I want to
redirect when *I* decide that it should redirect. The way I do
this is a DB_File that keeps :

valhalla# /tmp/dumpsquidintercept.pl
192.168.3.3 = 1210335746|http://www.home.nyu.edu/

        Where the IP WANTED to go, and when. Then, depending on how
often I want to have the message show up again , I do :

valhalla# cat /tmp/deletesquidintercept.pl
#!/usr/local/bin/perl

use DB_File;
use Fcntl;

$x=tie (%fdb,'DB_File',"/tmp/squidintercept",O_RDWR|O_CREAT,0777,$DB_HASH) ||die $!;

delete $fdb{'192.168.3.3'};
$x->sync();
untie %fdb;
>
> >> Or should you really be using url_rewrite directives?
> >>
> > I was going by :
> >
> > http://wiki.squid-cache.org/SquidFaq/SquidRedirectors
> > and
> > http://wiki.squid-cache.org/ConfigExamples/PhpRedirectors
> >
> > I didn't see either mentioned.
>
> Ah, FAQ needed updating. Thank you.
>
> >
> > My program "randomly" invokes the :
> >
> > print "302:http://www.example.com/guest/request.html\n";
> >
> > line until I set a flag in the filesystem to stop it.
> >
> > I've found that if the URL that matches my conditions
> > is already in the cache, it seems to ignore the 302. If its a
> > new site that has never seen the light of the cache, it works.
>
> Definately a bug then.
> May be related to #7
> http://www.squid-cache.org/bugs/show_bug.cgi?id=7
>
        Dunno. Above my head.
>
> Or it could be a different one with the store looking for its key
> information in the wrong place.
>
        Any way to fix it? I can't be guaranteed that the user will
look at fresh content quick enough for my needs for them.

                Thanks, Tuc
Received on Fri May 09 2008 - 15:52:42 MDT