[squid-dev] External ACL Feed, helper?

Eliezer Croitor ngtech1ltd at gmail.com
Tue Jul 7 17:00:26 UTC 2020 

Hoo nooo a typo!!!

Alex I was talking about external lists automatic update and reconfigure.

The scenario I was talking about is the next:
An admin have a specific set of ACL's such as a regex or src/ds tip
addresses etc.

I do not know if a squid reconfiguration is faster or more efficient then
other pieces of software however,
it's usable enough to ignore partial reconfiguration for the next couple
years..

I am 100% sure and believe that there are proxy admins that would like to be
able to configure 
one squid.conf with specific ACLS and logic and later to only maintain the
content of these ACLs.
An ACL list content can be maintained by other vendors as well while the
Admin can move on to other more important tasks.

Ie let say I have a set of regex for sni which are bypassed or IP addresses
that are allowed etc...
Then with an automated update script that will validate that an update is
possible and required, an update and reconfiguration will be applied.

Does it makes more sense now?

Thanks,
Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com

-----Original Message-----
From: Alex Rousskov [mailto:rousskov at measurement-factory.com] 
Sent: Tuesday, July 7, 2020 4:54 PM
To: Eliezer Croitor; squid-dev at lists.squid-cache.org
Subject: Re: [squid-dev] External ACL Feed, helper?

On 7/7/20 1:08 AM, Eliezer Croitor wrote:

> I think that many proxy admins would like to have a script that will
> help them to update their ACLs from a feed.
> 
> Ie they have a DB or a GIT repository that contains their ACLs data like
> IP addresses, domain names, sni patterns etc.

* External ACL updates without Squid reconfiguration is available today.

* Built-in ACL updates via Squid reconfiguration is available today.

* Built-in ACL updates without full Squid reconfiguration is planned,
but it is a relatively complex low-priority project with no ETA.
Sponsors welcome.


> Would it be possible to add such helper to the project sources?

If you are talking about a script that will automatically update an
external ACL helper configuration file based on DB/git/etc. interaction,
then I do not think it is a good idea to add such a script to the Squid
repository because such a script will have virtually no Squid-specific
code (and a lot of environment/business logic specifics that would be
impossible to properly support in a simple sample script).

If you are talking about built-in ACL updates without full Squid
reconfiguration (i.e. the last bullet above), then such a feature does
not need an external Squid helper. It needs Squid code enhancements.
Most likely, it will be triggered by a standard reconfiguration signal
(but will zero-in on changed ACL parameter files by comparing file
timestamps).


Thank you,

Alex.

More information about the squid-dev mailing list