Re: [squid-users] external_acl doesn't work after upgrade debian 6 squid 2.7 to debian 7 squid 3.1.20

From: Thomas Stegbauer <mailingliste1_at_stegbauer.info>
Date: Tue, 10 Dec 2013 22:52:53 +0100

Am 03.09.2013 13:40, schrieb Amos Jeffries:
> On 3/09/2013 4:25 a.m., Thomas Stegbauer wrote:
>>
>> Hi,
>>
>> i upgraded a Debian 6.0 with Squid 2.7 to Debian 7.1 with Squid 3.1.20.
>>
>> We have an external ACL included like this:
>> external_acl_type phpauthscript protocol=2.5 children=100 ttl=0
>> negative_ttl=0 %SRC /etc/squid3/authscript
>>
>> The script updates an MySQL database with the hits of a user, where the
>> user get looked up by the clientip.
>>
>> This worked fine on Debian 5 and Debian 6 with squid 2.7.
>>
>> But on Debian 7 this stopps working, as the authscript dies as it not
>> gets the IP-Adress.
>
> Um. SRC always exists, so something else is going on here. What is
> cache.log saying to you when the helper dies?
>
> Amos

Hi Amos,

sorry for my delay. it seems my webapp is unable to create correct text
eMails.

Today i modified the external_acl php script to safe STDIN to a file
and also the startup in squid.conf.
It looks like only one process (the first?) get the SRC via STDIN. The
other process doesn't get anything.

the script from my colleague before looks starts like this:

In the cache.log i see only "Lesefehler Test ts" which is correct
behaviour, it it doesn't get the ClientIP

Any ideas?

Thomas

#!/usr/bin/php
<?
require("/etc/squid3/config_squid.inc.php"); // Konfiguration laden

// Verbindung zur Datenbank
$db = mysql_pconnect($mysqlhost,$mysqluser,$mysqlpw) or die("Keine
Verbindung zur Datenbank");
mysql_select_db($mysqldb);

$ZUFALL = rand();
$handle = fopen("/tmp/squid3-auth".$ZUFALL.".log", "a+");

// Endlosschleife zum Abwarten der Übergaben von Squid
while(1) {
         // Einlesen einer Zeile von STDIN
         $line = trim(fgets(STDIN));
         fwrite($handle, $line);
         // Fehler beim Einlesen? Script beenden
         if(!$line) {
                 fclose($handle);
                 die("Lesefehler Test ts");
// mit Squid3 kommt in 50% keine IP?
// echo(sprintf($authok,"nobody"));
         }
         $ip = $line;

         // Abfrage der Authtable ob Benutzer angemeldet ist
         $q = mysql_query("SELECT uname,ttl FROM ".$mysqlauthtable."
WHERE ip='$ip'");
         $array = mysql_fetch_array($q);

...
Received on Tue Dec 10 2013 - 21:53:11 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 11 2013 - 12:00:05 MST