Re: [squid-users] URL redirection

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 06 May 2009 23:17:32 +1200

rcbandit wrote:
>
>
> Amos Jeffries-2 wrote:
>> rcbandit wrote:
>>>
>>> Amos Jeffries-2 wrote:
>>>>> Hi,
>>>>> I would like to ask you is there a way to configure squid to redirect
>>>>> IPs.
>>>>> I want squid to read IP's from file saved in .TXT format saved on HDD
>>>>> or
>>>>> server on internet. And when user's IP matches with the IP from the TXT
>>>>> file
>>>>> squid redirects it to external URL hosted on remote server.
>>>> Umm, what exactly are you trying to do with this?
>>>> There are several scenarios each with different solutions possible.
>>>>
>>>> Please note the IPs do not have a 1:1 relationship with URLs so
>>>> rewriting
>>>> a URL based on it's IP is not generally possible.
>>>> For example, the URL http://www.google.com/ for example has several
>>>> hundred geo-located IPs (not all of which are visible at any time or at
>>>> all), and each of those IPs has a few dozen domain names.
>>>>
>>>>
>>>>> Second question - is there a way to configure squid to read the
>>>>> external
>>>>> TXT
>>>>> file every 10 minutes for example so when I manually enter new IP or
>>>>> remove
>>>>> old one squid reads it and reconfigure itself.
>>>> No.
>>>> For this type of thing use an external_acl_type helper. They are tested
>>>> live for every request with an optional caching time in seconds for the
>>>> results.
>>>>
>>>> I'm getting a vague Idea about what you are trying to do, I don't think
>>>> you want redirection at all. But please state what it is clearly so we
>>>> can
>>>> be of more help.
>>>>
>>>> Amos
>>>>
>>>>
>>>>
>>>
>>> I want to write a PHP billing system for ISPs and web hosting. It's a
>>> hobby
>>> project.
>>> My idea is to control the access to the internal servers with squid and
>>> PHP
>>> program. When the owner of the server don't pay squid blocks the access.
>>> I will write a PHP program witch will pass IPs to the squid using .TXT
>>> file.
>>> Squid reads the IPs from the file and blocks the access. So I need a way
>>> to
>>> force squid to read that .TXT file.
>> Definitely external_acl_type then.
>>
>> FWIW all the CDN providers I know of (self included) have some form of
>> this already existing in practice. Often more efficiently integrated
>> into the local authentication mechanisms than .txt method would allow for.
>>
>> The formal Quota feature is also being worked on to integrate finer
>> control into later Squid releases.
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
>> Current Beta Squid 3.1.0.7
>>
>>
>
> How to integrate squid's local authentication mechanisms with PHP program.
> Do you know how to do it?
>

Depends entirely on the local authentication mechanism. Some get plugged
in through the bundled helpers and policy logic written into squid.conf.
Others get a helper written up specially to cope with the unusual
environment.

All helpers, authentication ones included can be coded up in any
language. Squid passes a fixed format of fields "username password" to
the auth helpers.
   basic auth is "user pass"
   digest auth is "user realm"
   negotiate and ntlm auth take a binary blob of data base64 encoded.

external_acl_type helper has flexible format defined by the local admin
or app requirements.

There is a dummy auth helper code at:
  http://wiki.squid-cache.org/ConfigExamples/Authenticate/LoggingOnly
the active code of the helper can be written up to perform any business
logic needed. Only the input and output formats are fixed.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
   Current Beta Squid 3.1.0.7
Received on Wed May 06 2009 - 11:17:42 MDT

This archive was generated by hypermail 2.2.0 : Fri May 08 2009 - 12:00:01 MDT