[squid-users] External ACL helper from Francois Goudal on 2008-10-06 (squid-users)

From: Francois Goudal <fg_at_satcom1.com>
Date: Mon, 06 Oct 2008 13:08:31 +0200

Hi,

I'm trying to make a setup with several squid proxies :

All my clients are making their requests to the main proxy, I will call
it proxy_1 here.

Then I have 2 other proxies : proxy_2 and proxy_3 that are never queried
directly by the clients, they are supposed to be used as cache_peer by
proxy_1.

I want proxy_1 to forward the requests to either proxy_2 or proxy_3
depending on a specific condition based on the source IP address.

So I want to use an external acl helper script to determine if the
client matches the condition or not.

I have written a dummy test helper script in /root/test.sh :

#!/bin/sh

while read line; do
echo $line >> /tmp/log_helper
echo OK
done

And my squid.conf is basically:

external_acl_type testacl %SRC /root/test.sh
acl test1 dstdom_regex google
acl test2 external testacl
cache_peer proxy_2 parent 3128 0 proxy-only
cache_peer proxy_3 parent 3128 0 proxy-only
cache_peer_access proxy_2 allow test1
cache_peer_access proxy_3 allow test2
never_direct allow all

When I start squid with this setup, I can see in the process tree that
it starts 10 instances of test.sh

If I make a http://www.google.com query to this proxy, then the acl
test1 is matched and the query is directed to proxy_2 and it succeeds.
But if I make a http://www.yahoo.com query to this proxy, then it
shouldn't match the test1 acl, and then try the test2 acl, which would
mean providing the client's IP address to the helper script, which would
reply OK, and then the query should be directed to proxy_3.
But as a matter of fact, this query fails with a 503 Service Unavailable.

I don't understand why squid is not writing anything to the helper
script, to try to match the test2 acl.

I would appreciate some help to figure this out, I'm out of ideas :-/

Best regards.

-- 
Francois Goudal
Satcom1
Denmark - France - Sweden - Canada
Phone: +33170031923 (NEW)
Fax: +33170031922 (NEW)
Mob: +33626432204
e-mail: fg_at_satcom1.com
www.satcom1.com
Inmarsat: ISP 8422, PSA 3123
*Satcom1 hopes to see you at NBAA  2008, October 6th to 8th, Booth #1038*

Received on Mon Oct 06 2008 - 11:08:50 MDT

This archive was generated by hypermail 2.2.0 : Mon Oct 06 2008 - 12:00:02 MDT