Re: [squid-users] access-lists from mysql ?

On 02/03/2013 08:02 AM, Matthew Goff wrote:
> Ah...But is it floating on the web to be found by Google?;) I
> searched off and on a little for a way to easily tie Squid to MySQL
> and I found lots of people asking but very little practical examples
> beyond user authentication using the supplied demo script.
>
> I'm curious how much caching would really be necessary in the helper
> program though given that Squid already caches external ACL lookup
> results on its own. I haven't seen any slowdown using this on my own
> LAN, but that's a fairly small traffic sample.
>
> My end goal was something using as few external library dependencies
> as possible in a compiled language, so I can say I achieved that at
> least. I really was just tired of the whole process of: ssh, su, edit,
> reload, test -- each time I needed to block a new domain one of my
> kids stumbled on;) The SQL tie-in is also nice because it can be
> managed by so many different tools so you can create portal pages or
> small GUI tools to allow less technical users to update their lists
> without worrying about what file on disk to edit and what commands to
> run afterwards.
>
> Every solution will have pros and cons, just have to pick the best one
> for your own use case:)
Indeed.

Well if you are here you can always ask and I do my best if I can.
Portability is very good.
I have used ruby since it's very intuitive to me.
The only systems I couldn't use Ruby was embedded.

Cache for external ACL is better limited to something.
Also the external ACL caches by IP or URL or couple together.
The application is caching in the block\search level which is far more
advanced and low level then squid helper cache.
Since squid dosn't have a "domain" a "path" etc.. in the interface the
app should do that.
Since I have used only a list of domains and partial url's path there is
a pretty good reason for that.

In almost any case other options then static DB is better.
There are couple solutions which offers just that for free.

There were couple guys here who talked about MYSQL as ACL backend but
nobody sketched a design for that.
If you do have something in mind for LDAP or MYSQL scheme which a
application can use to check for ACLs I will be more then happy to think
about it.

The current options are:
- squidGuard static DB by category.
- other weight categorizing such as -127 bad +127 ok and the user
choose the level he wants to be on or assigned a number.
This is a problem since many will refer a malware site as -127 while
adult content as -120 or what so ever.

Eliezer
Received on Sun Feb 03 2013 - 08:05:12 MST