Re: [squid-users] External ACL helper

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 07 Oct 2008 02:28:56 +1300

Francois Goudal wrote:
> Hi,
>
> I'm trying to make a setup with several squid proxies:
>
> All my clients are making their requests to the main proxy, I will call
> it proxy_1 here.
>
> Then I have 2 other proxies: proxy_2 and proxy_3 that are never queried
> directly by the clients, they are supposed to be used as cache_peer by
> proxy_1.
>
> I want proxy_1 to forward the requests to either proxy_2 or proxy_3
> depending on a specific condition based on the source IP address.
>
> So I want to use an external acl helper script to determine if the
> client matches the condition or not.
>
> I have written a dummy test helper script in /root/test.sh:
>
> #!/bin/sh
>
> while read line; do
> echo $line >> /tmp/log_helper
> echo OK
> done
>
>
> And my squid.conf is basically:
>
> external_acl_type testacl %SRC /root/test.sh
> acl test1 dstdom_regex google
> acl test2 external testacl
> cache_peer proxy_2 parent 3128 0 proxy-only
> cache_peer proxy_3 parent 3128 0 proxy-only
> cache_peer_access proxy_2 allow test1
> cache_peer_access proxy_3 allow test2
> never_direct allow all
>
>
> When I start squid with this setup, I can see in the process tree that
> it starts 10 instances of test.sh
>
> If I make a http://www.google.com query to this proxy, then the acl
> test1 is matched and the query is directed to proxy_2 and it succeeds.
> But if I make a http://www.yahoo.com query to this proxy, then it
> shouldn't match the test1 acl, and then try the test2 acl, which would
> mean providing the client's IP address to the helper script, which would
> reply OK, and then the query should be directed to proxy_3.
> But as a matter of fact, this query fails with a 503 Service Unavailable.
>
> I don't understand why squid is not writing anything to the helper
> script, to try to match the test2 acl.
>
> I would appreciate some help to figure this out, I'm out of ideas :-/
>
> Best regards.
>

a) You may need to echo a newline explicitly:
   echo "OK\n"

b) Does the helper have write permissions to create or append to the log
file when it's run as the squid user?

c) What does cache.log say about the time of the test request?

Hint: When this is going, consider the concurrency, ttl, and
negative_ttl options for extra performance.

Amos

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Received on Mon Oct 06 2008 - 13:28:58 MDT
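
An added example, not from the original thread or the Squid project: a helper for the %SRC format that answers OK or ERR per client address, keeps answering when the log write fails, and echoes back the channel ID that Squid prepends to each request when the concurrency option is set. The address range, the HELPER_LOG variable, the function names and the "serve" argument are assumptions made for illustration.

```shell
#!/bin/sh
# Example external ACL helper for "external_acl_type testacl %SRC <helper> serve".
# Assumed for illustration: the 192.168.2.0/24 group, HELPER_LOG, the "serve" argument.

# decide <ip>: OK if the client is in the group sent to proxy_3, otherwise ERR.
decide() {
    case "$1" in
        ''|*[!0-9.]*) echo ERR ;;   # empty or not dotted-quad text: fail closed
        192.168.2.[0-9]|192.168.2.[0-9][0-9]|192.168.2.[0-9][0-9][0-9]) echo OK ;;
        *) echo ERR ;;
    esac
}

# answer <request line>: one token is a plain "%SRC" request; two tokens are
# "channel-ID %SRC", the form used with concurrency=N, and the ID is echoed back.
answer() {
    set -f            # no filename expansion while splitting the line
    set -- $1
    set +f
    case $# in
        1) decide "$1" ;;
        2) case "$1" in
               *[!0-9]*) echo ERR ;;               # channel ID must be numeric
               *) echo "$1 $(decide "$2")" ;;
           esac ;;
        *) echo ERR ;;
    esac
}

# serve: one reply line per request line. A failed log write (for example a
# file the squid user cannot append to) is ignored so the helper keeps answering.
serve() {
    log="${HELPER_LOG:-/tmp/log_helper}"
    while IFS= read -r line; do
        { printf '%s\n' "$line" >> "$log"; } 2>/dev/null || :
        answer "$line"
    done
}

# Run the loop only when started with the "serve" argument (example convention).
case "${1:-}" in
    serve) serve ;;
esac
```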
