Chris Robertson wrote:
> Julien P. wrote:
>> Hi everybody,
>> I am trying to use an external_acl_type to be able to filter internet
>> traffic according to specific User-agent headers and destination
>> (let's say you have the right to browse facebook only by using
>> Firefox).
>>
>> this is my external acl:
>>
>> external_acl_type getheaders %{User-Agent} %DST /etc/squid3/getheaders
>> acl myacl external getheaders
>> http_access allow myacl
>>
>>
>> this is my getheaders program:
>> (I runned it, and there are no permissions problem)
>>
>> #!/bin/sh
>>
> while [ 1 ]
> do
>> read agent
>> read DST
On Debian I'd do that as:
while read agent dst ;
do
or even better to protect from whitespace errors:
while read dst agent ;
do
... with the matching arg reversal in the squid.conf format.
>> date=`date`
>> echo "$date $agent" >> /var/log/squid3/headers.log
>> echo "$DST" >> /var/log/squid3/headers.log
>> echo "OK"
>>
> done
>> exit 1
>>
>
> That way you aren't kicking off a new helper for each request.
>
>> and this is what I get in the debug when I try to access facebook:
>> 2009/04/16 21:17:16.481| aclMatchExternal: acl="getheaders"
>> 2009/04/16 21:17:16.481| aclMatchExternal:
>> getheaders("Mozilla/5.0%20...............0Version/4.0%20Safari/528.16
>> www.facebook.com") = lookup needed
>>
>
> This just means that we don't have a cached entry for the query
> "Mozilla/5.0...blah...blah www.facebook.com", and we have to ask the
> external helper.
>> 2009/04/16 21:17:16.481| externalAclLookup: lookup in 'getheaders' for
>> 'Mozilla/5.0%20(Macintosh;%20U;%20In...........Version/4.0%20Safari/528.16
>>
>> www.facebook.com'
>> 2009/04/16 21:17:16.481| externalAclLookup: looking up for
>> 'Mozilla/5.0%20(Macintosh;%20U;%20..............)%20Version/4.0%20Safari/528.16
>>
>> www.facebook.com' in 'getheaders'.
>> 2009/04/16 21:17:16.481| helperDispatch: Request sent to getheaders
>> #1, 167 bytes
>> 2009/04/16 21:17:16.482| externalAclLookup: will wait for the result
>> of 'Mozilla/5.0%20(Macintosh...........0Safari/528.16
>> www.facebook.com' in 'getheaders' (ch=0x85a4760).
>>
>> Apparently squid is waiting for a domain lookup that my getheaders
>> program should do.
>>
>
> Squid is waiting for a reply from your helper actually. The mystery is
> why...
>
>> I am a bit lost as I thought that the only reply options are OK/ERR
>>
>
> With optional tags...
>
>> As I didn't find anything on google, if anybody has a clue, I would
>> appreciate the share! :-)
>>
>
> You state that you ran the script, and there were no permissions
> problems. Who did you run it as? Did you give it input (and receive
> output in return? Does the file "/var/log/squid3/headers.log" exist,
> and does the Squid user have permission to write to it? Is there any
> change if you specify (in the script) the full path to "echo"?
>
>> I am running the latest squid3 on debian
Question might be asked is: Debian what?
oldstable, stable, unstable, testing, experimental?
though I don't think that matters here.
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 Current Beta Squid 3.1.0.7Received on Fri Apr 17 2009 - 03:32:33 MDT
This archive was generated by hypermail 2.2.0 : Sat Apr 18 2009 - 12:00:02 MDT