Julien P. wrote:
> Hi everybody,
> I am trying to use an external_acl_type to be able to filter internet
> traffic according to specific User-agent headers and destination
> (let's say you have the right to browse facebook only by using
> Firefox).
>
> this is my external acl:
>
> external_acl_type getheaders %{User-Agent} %DST /etc/squid3/getheaders
> acl myacl external getheaders
> http_access allow myacl
>
>
> this is my getheaders program:
> (I runned it, and there are no permissions problem)
>
> #!/bin/sh
>
while [ 1 ]
do
> read agent
> read DST
> date=`date`
> echo "$date $agent" >> /var/log/squid3/headers.log
> echo "$DST" >> /var/log/squid3/headers.log
> echo "OK"
>
done
> exit 1
>
That way you aren't kicking off a new helper for each request.
> and this is what I get in the debug when I try to access facebook:
> 2009/04/16 21:17:16.481| aclMatchExternal: acl="getheaders"
> 2009/04/16 21:17:16.481| aclMatchExternal:
> getheaders("Mozilla/5.0%20...............0Version/4.0%20Safari/528.16
> www.facebook.com") = lookup needed
>
This just means that we don't have a cached entry for the query
"Mozilla/5.0...blah...blah www.facebook.com", and we have to ask the
external helper.
> 2009/04/16 21:17:16.481| externalAclLookup: lookup in 'getheaders' for
> 'Mozilla/5.0%20(Macintosh;%20U;%20In...........Version/4.0%20Safari/528.16
> www.facebook.com'
> 2009/04/16 21:17:16.481| externalAclLookup: looking up for
> 'Mozilla/5.0%20(Macintosh;%20U;%20..............)%20Version/4.0%20Safari/528.16
> www.facebook.com' in 'getheaders'.
> 2009/04/16 21:17:16.481| helperDispatch: Request sent to getheaders
> #1, 167 bytes
> 2009/04/16 21:17:16.482| externalAclLookup: will wait for the result
> of 'Mozilla/5.0%20(Macintosh...........0Safari/528.16
> www.facebook.com' in 'getheaders' (ch=0x85a4760).
>
> Apparently squid is waiting for a domain lookup that my getheaders
> program should do.
>
Squid is waiting for a reply from your helper actually. The mystery is
why...
> I am a bit lost as I thought that the only reply options are OK/ERR
>
With optional tags...
> As I didn't find anything on google, if anybody has a clue, I would
> appreciate the share! :-)
>
You state that you ran the script, and there were no permissions
problems. Who did you run it as? Did you give it input (and receive
output in return? Does the file "/var/log/squid3/headers.log" exist,
and does the Squid user have permission to write to it? Is there any
change if you specify (in the script) the full path to "echo"?
> I am running the latest squid3 on debian
>
> Thank you,
> Julien
>
Chris
Received on Thu Apr 16 2009 - 21:03:20 MDT
This archive was generated by hypermail 2.2.0 : Fri Apr 17 2009 - 12:00:02 MDT