Re: [squid-users] Is external_acl_type must under authentication mode?

From: NetSnake <netsnakecn_at_gmail.com>
Date: Wed, 14 Jan 2009 11:20:28 +0800

You mean I need to set http_access allow all first?
I tried that, but still no effect.
Does anybody have a simple, good squid.conf configuration file
with external_acl_type and cache_peer_access?

Thanks a lot.

2009/1/14 Amos Jeffries <squid3_at_treenet.co.nz>:
> NetSnake wrote:
>>
>> Actually, I defined a cache_peer named host1 as this:
>> cache_peer www.myhost.com parent 80 0 no-query no-digest originserver name=host1
>>
>> and I defined an ACL named ipaddress:
>> acl ipaddress external checkip
>>
>> and then I defined the access rule, to deny access to hosts through my
>> checkip script.
>> cache_peer_access host1 deny ipaddress
>>
>> And I found my script is already running after squid is up, and it can
>> write data to the file.
>> But it looks like squid just starts up my script, and never calls it when a
>> connection arrives.
>
> cache_peer_access is a fast-ACL check. It cannot wait for delayed actions
> such as remote helpers to reply.
>
> It's also only checked after the request has been accepted.
> You need to use your ACL in an http_access line first. Which will check it
> early, and cache the result long enough for the peer checks to use.
>
> Amos
>
>>
>> BTW, No SELinux running on my box.
>>
>> thanks.
>>
>> 2009/1/14 Chris Robertson <crobertson_at_gci.net>:
>>>
>>> NetSnake wrote:
>>>>
>>>> Hi all,
>>>> I want to use external_acl_type to distribute my users to different
>>>> servers; these users do NOT need authentication.
>>>> Squid starts my application, but when I access a special host, no
>>>> data is sent to my program from Squid.
>>>> My program is a very simple script, and when I use an existing
>>>> application such as ip_user_check, there is still no action.
>>>> My squid configuration is:
>>>> external_acl_type checkip concurrency=0 ttl=0 children=1 %SRC /usr/local/squid/libexec/checkip.pl
>>>> http_port 80 accel vhost vport
>>>> cache_peer www.myhost.com parent 80 0 no-query no-digest originserver name=host1
>>>> acl ipaddress external checkip
>>>> cache_peer_access www deny ipaddress
>>>>
>>> There is no cache_peer defined as "www". There is one defined as
>>> "www.myhost.com". Perhaps that's a typo in the obfuscation of your
>>> squid.conf. Are you sure the checkip.pl script is runnable by the
>>> squid_effective_user? Does /tmp/squid.log exist? If so, is it
>>> writeable by the squid_effective_user? Are you running SELinux or
>>> AppArmor?
>>>
>>>> ...
>>>>
>>>> My program is very simple:
>>>> cat checkip.pl
>>>> #!/usr/bin/perl
>>>> $| = 1;
>>>> open(LOG, ">/tmp/squid.log");
>>>> print LOG "RUNNING\n";
>>>> close(LOG);
>>>> while(defined($line = <STDIN>)){
>>>>     print "OK\n";
>>>>     open(LOG, ">>/tmp/squid.log");
>>>>     print LOG "Got: $line\n";
>>>>     close(LOG);
>>>> }
>>>>
>>>>
>>>> So I am wondering: must external_acl_type be used under authentication mode?
>>>>
>>>> thanks in advance.
>>>>
>>> Chris
>>>
>
>
> --
> Please be using
> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
> Current Beta Squid 3.1.0.3
>
Received on Wed Jan 14 2009 - 03:20:32 MST
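
An added example, not part of the thread or of Squid itself: a helper for the `checkip` external ACL that, unlike the always-OK test script quoted above, decides per client address and answers ERR on malformed input. It is written in Python rather than Perl; the address ranges are constructed sample values and the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: one %SRC value per input line, OK or ERR per reply."""
import ipaddress
import sys

# Constructed sample ranges (documentation prefixes); replace with your own.
MATCH_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]


def decide(src):
    """Return 'OK' if src lies inside MATCH_NETS (the ACL matches), else 'ERR'."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "ERR"  # malformed input never matches the ACL
    return "OK" if any(addr in net for net in MATCH_NETS) else "ERR"


def answer(line, concurrent=False):
    """Build the reply for one request line.

    With concurrency=0 (as in the thread) the line is just the %SRC value.
    With concurrency>0 Squid prefixes a channel ID that must be echoed back.
    """
    fields = line.split()
    channel = ""
    if concurrent:
        if not fields:
            return "ERR"
        channel, fields = fields[0] + " ", fields[1:]
    # Exactly one field is expected for a %SRC format; anything else is ERR.
    verdict = decide(fields[0]) if len(fields) == 1 else "ERR"
    return channel + verdict


def main():
    for line in sys.stdin:
        # One reply line per request line, flushed at once: Squid waits for it.
        sys.stdout.write(answer(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

With `cache_peer_access host1 deny ipaddress` as in the thread, an OK reply means the ACL matches and the peer is denied for that client.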