On Tue, 19 Jul 2011 12:57:27 -0700, Zael Rey wrote:
> Hello there, I'm working on a script to filter with squid using:
>
> external_acl_type myAclType %SRC %URI /home/konrad/testing/myexternalacltype.pl
> acl MyAcl external myAclType
> http_access allow MyAcl
>
> This is the script I have and for some reason it's not working:
>
> #!/usr/bin/perl -w
> $|=1;
> open(STDERR, ">/tmp/external_acl.log");

STDERR gets sent to squid cache.log by default. No need for this.

> select(STDERR); $| = 1; # make unbuffered
> select(STDOUT); $| = 1; # make unbuffered
> print STDERR "INI: $$\n\n";;
>
>
> use MIME::Base64 ();
> while (<>) {
> print STDERR "<--- $_\n\n";;
> print "ERR\n";
> }
>
> It's supposed to block when it has ERR but it does not, it always
> allows. Can you tell me what's wrong pls.

No. ERR means only that the ACL does not match. Will not be used, try
another line, do not pass go.

OK/ERR == true/false.

Syntax is:
  http_access $ACTION $BOOLEAN-CONDITION

So "http_access ** MyAcl" is a rule about what to do when MyAcl is
true. "OK".

The NOT operator (!) can be added, or the allow/deny action can be
changed. Giving you three outcomes of one line. ALLOWED/DENIED/SKIP.

<snip>
> 2011/07/19 11:42:32| helperHandleRead: 4 bytes from myAclType #1.
> 2011/07/19 11:42:32| commSetSelect: FD 7 type 1
> 2011/07/19 11:42:32| commSetEvents(fd=7)
> 2011/07/19 11:42:32| helperHandleRead: 'ERR
> '
> 2011/07/19 11:42:32| helperHandleRead: end of reply found: ERR
>
<snip>
> 2011/07/19 11:42:32| cbdataValid: 0xb94307e0
> 2011/07/19 11:42:32| aclCheck: checking 'http_access deny MyAcl'

The cache.log also indicates that your earlier statement about
squid.conf was wrong.

The rule "http_access deny MyAcl" will block, whenever the ACL matches
(i.e. produces "OK"). Otherwise it will be SKIP.

Amos
Received on Wed Jul 20 2011 - 01:34:41 MDT
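
The OK/ERR semantics described in the reply above, as an added example that is not part of the original thread or of Squid's own code. It pairs a helper that answers OK only for hosts on a constructed blocklist with a small model of how one http_access line turns that reply into ALLOWED, DENIED or SKIP. The names BLOCKED_HOSTS, helper_reply, check_line and first_decision are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Added example: external ACL helper replies plus a model of http_access lines."""
import sys
from urllib.parse import urlsplit

BLOCKED_HOSTS = {"blocked.example"}  # constructed sample list (assumption)

def helper_reply(line):
    """Answer one '%SRC %URI' request line: OK = ACL matches, ERR = no match."""
    fields = line.split()
    if len(fields) != 2:
        return "ERR"  # malformed input: report "no match"
    host = urlsplit(fields[1]).hostname or ""  # hostname is already lowercased
    return "OK" if host in BLOCKED_HOSTS else "ERR"

def check_line(action, negate, reply):
    """Outcome of one 'http_access <action> [!]MyAcl' line for a helper reply."""
    matched = (reply == "OK") != negate  # '!' inverts the boolean
    if not matched:
        return "SKIP"  # line is not used; the next line is tried
    return "ALLOWED" if action == "allow" else "DENIED"

def first_decision(rules, reply):
    """Walk rules top-down; return the first non-SKIP outcome, else None.
    None means no line matched; Squid's default for that case is not modeled."""
    for action, negate in rules:
        outcome = check_line(action, negate, reply)
        if outcome != "SKIP":
            return outcome
    return None

def main():
    # Helper loop: one request per line on stdin, one reply per line on stdout.
    for line in sys.stdin:
        sys.stdout.write(helper_reply(line) + "\n")
        sys.stdout.flush()  # unbuffered replies, like $|=1 in the Perl script

if __name__ == "__main__":
    main()
```

With "http_access deny MyAcl", a helper that always prints ERR (as the script in the thread does) yields SKIP on every request, so the decision falls to whatever lines follow.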