[squid-users] squid3.4 - MySQL, PHP script - block websites

Sun Nov 15 20:01:33 UTC 2015

I think it is better to translate this code to c. Contact me, having c will
give you speed and memory savings.
Le 13 nov. 2015 8:22 PM, "Jens Kallup" <jkallup at web.de> a écrit :

> Hello,
>
> I have problems to block web sites  listet in mysql database.
> When i start the script below, it works, but squid3.4 give me log output;
>
> 2015/11/14 01:27:40 kid1| helperHandleRead: unexpected read from
> blockscript #Hlpr0, 3 bytes 'OK
>
> how can i fix that problem ?
>
> Thanks in advice
> Jens
>
> #!/usr/bin/php
> <?php
> $db = new mysqli("<server>", "<user>", "<password>", "<database>");
> if ($db->connect_error > 0) {
>     die(fwrite(STDOUT,"ERR\n"));
> }
> while (!feof(STDIN))
> {
>     $i = trim(fgets(STDIN));
>     $s = explode(" ", $i);
>     $dst = $s[0];
>     $row = array();
>     $query = "SELECT * FROM squid WHERE name = '$dst'";
>     if ($res = $db->query($query)) {
>         $row = $res->fetch_row();
>         $rec = $res->num_rows;
>         if (($row[2] == 1) || ($rec < 1))
>            fwrite(STDOUT,"ERR\n"); else
>            fwrite(STDOUT,"OK\n");
>         $res->close();
>     }
> }
> $db->close();
> ?>
>
>
> this is my squid.config
>
> auth_param basic program /usr/lib/squid3/basic_ncsa_auth /sap/squid/passwd
> auth_param basic children 4
> auth_param basic utf8 on
> auth_param basic realm Bitte geben Sie Ihren Benutzernamen und Passwort
> fuer die Internetberechtigung ein!
> auth_param basic credentialsttl 60 minutes
> auth_param basic casesensitive on
> external_acl_type blockscript %DST /usr/bin/php /sap/squid/block.php
> acl localnet src 192.168.178.7
> acl ncsa_users proxy_auth REQUIRED
> acl mysql_block external blockscript
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> # Deny requests to certain unsafe ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> http_access deny mysql_block
> http_access allow localhost ncsa_users
> http_access allow localnet  ncsa_users
> # And finally deny all other access to this proxy
> http_access deny all
> http_port 3128
> cache_mgr jkallup at web.de
> cache_effective_user squid
> # We recommend you to use at least the following line.
> hierarchy_stoplist cgi-bin ?
> cache_dir ufs /sap/var/spool/squid 64 16 128
> cache_access_log /sap/squid/log/access.log
> cache_log        /sap/squid/log/cache.log
> cache_store_log  /sap/squid/log/store.log
> # Leave coredumps in the first cache dir
> coredump_dir /sap/var/spool/squid
> # Add any of your own refresh_pattern entries above these.
> refresh_pattern ^ftp:           1440    20% 10080
> refresh_pattern ^gopher:        1440    0%  1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20% 4320
> logformat squid  %tl.%03tu %6tr %>a %un %Ss/%03>Hs %<st %rm %ru %Sh/%<A %mt
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151115/24334948/attachment-0001.html>