[squid-users] deny_info / url_rewrite_program

Jens Kallup jkallup at web.de
Mon Nov 30 21:10:14 UTC 2015


Hi,

next, the output, followed by the config snippet, the perl script is fixed,
but don't work - squid shows only Error - Access Denied ...

2015/11/30 22:00:14.168 kid1| Process Roles: worker
2015/11/30 22:00:14.168 kid1| With 65536 file descriptors available
2015/11/30 22:00:14.168 kid1| Initializing IP Cache...
2015/11/30 22:00:14.168 kid1| DNS Socket created at [::], FD 6
2015/11/30 22:00:14.168 kid1| DNS Socket created at 0.0.0.0, FD 8
2015/11/30 22:00:14.168 kid1| Adding nameserver fd00::c225:6ff:fe71:2b 
from /etc/resolv.conf
2015/11/30 22:00:14.168 kid1| helperOpenServers: Starting 0/20 
'rewrite.pl' processes
2015/11/30 22:00:14.168 kid1| helperOpenServers: No 'rewrite.pl' 
processes needed.
2015/11/30 22:00:14.168 kid1| helperOpenServers: Starting 1/5 
'basic_ncsa_auth' processes
2015/11/30 22:00:14.168 kid1| helperOpenServers: Starting 0/1 'block.sh' 
processes
2015/11/30 22:00:14.168 kid1| helperOpenServers: No 'block.sh' processes 
needed.
2015/11/30 22:00:14.168 kid1| Logfile: opening log /sap/squid/log/access.log
2015/11/30 22:00:14.168 kid1| WARNING: log name now starts with a module 
name. Use 'stdio:/sap/squid/log/access.log'
2015/11/30 22:00:14.168 kid1| Unlinkd pipe opened on FD 15
2015/11/30 22:00:14.168 kid1| Store logging disabled
2015/11/30 22:00:14.168 kid1| Swap maxSize 65536 + 8192 KB, estimated 
5671 objects
2015/11/30 22:00:14.168 kid1| Target number of buckets: 283
2015/11/30 22:00:14.168 kid1| Using 8192 Store buckets
2015/11/30 22:00:14.168 kid1| Max Mem  size: 8192 KB
2015/11/30 22:00:14.168 kid1| Max Swap size: 65536 KB
2015/11/30 22:00:14.168 kid1| Rebuilding storage in /sap/var/spool/squid 
(dirty log)
2015/11/30 22:00:14.168 kid1| Using Least Load store dir selection
2015/11/30 22:00:14.168 kid1| Set Current Directory to /sap/var/spool/squid
2015/11/30 22:00:14.168 kid1| Finished loading MIME types and icons.
2015/11/30 22:00:14.168 kid1| HTCP Disabled.
2015/11/30 22:00:14.168 kid1| Squid plugin modules loaded: 0
2015/11/30 22:00:14.168 kid1| Adaptation support is off.
2015/11/30 22:00:14.168 kid1| Accepting HTTP Socket connections at 
local=[::]:3128 remote=[::] FD 18 flags=9
2015/11/30 22:00:14.168 kid1| Done reading /sap/var/spool/squid swaplog 
(3346 entries)
2015/11/30 22:00:14.168 kid1| Finished rebuilding storage from disk.
2015/11/30 22:00:14.168 kid1|      2983 Entries scanned
2015/11/30 22:00:14.168 kid1|         0 Invalid entries.
2015/11/30 22:00:14.168 kid1|         0 With invalid flags.
2015/11/30 22:00:14.168 kid1|      2971 Objects loaded.
2015/11/30 22:00:14.168 kid1|         0 Objects expired.
2015/11/30 22:00:14.168 kid1|         0 Objects cancelled.
2015/11/30 22:00:14.168 kid1|         0 Duplicate URLs purged.
2015/11/30 22:00:14.168 kid1|        12 Swapfile clashes avoided.
2015/11/30 22:00:14.168 kid1|   Took 0.06 seconds (52517.15 objects/sec).
2015/11/30 22:00:14.168 kid1| Beginning Validation Procedure
2015/11/30 22:00:14.168 kid1|   Completed Validation Procedure
2015/11/30 22:00:14.168 kid1|   Validated 2971 Entries
2015/11/30 22:00:14.168 kid1|   store_swap_size = 63388.00 KB
2015/11/30 22:00:15 kid1| storeLateRelease: released 0 objects
2015/11/30 22:00:20 kid1| ALE missing adapted HttpRequest object
2015/11/30 22:00:20 kid1| ALE missing URL
2015/11/30 22:00:20 kid1| Starting new blocker helpers...
2015/11/30 22:00:20 kid1| helperOpenServers: Starting 1/1 'block.sh' 
processes
2015/11/30 22:00:23 kid1| ALE missing adapted HttpRequest object
2015/11/30 22:00:23 kid1| ALE missing URL


# squid config:
auth_param basic program /usr/local/squid/libexec/basic_ncsa_auth 
/sap/squid/passwd
auth_param basic utf8 on
auth_param basic children 5 startup=1 idle=1 concurrency=0
auth_param basic realm Bitte geben Sie Ihren Benutzernamen und Ihr 
Passwort zur Internet-Authentifizierung ein!
auth_param basic credentialsttl 60 minutes
auth_param basic casesensitive on

external_acl_type blocker concurrency=100 ttl=60 negative_ttl=0 
children-max=1 %LOGIN %DST /sap/squid/block.sh
acl mysql_blocker external blocker

url_rewrite_program /sap/squid/rewrite.pl  # inserted \__ these 2 lines 
have no effect, always, the same behavour
url_rewrite_access deny mysql_blocker      # inserted /

#deny_info http://www.freenet.de blocker


#ther script:
#!/usr/bin/perl -l

#use strict;
use warnings;
use IO::Handle;
use URI::Escape;
use DBI;
use 5.010;

$|=1;                   # don't buffer stdout

while (<>) {            # read line from STDIN (squid input)
     my ($url, $ip, $slash, $fqdn, $user, $method) = split;

     $url = uri_unescape($url);
     $nxt = uri_unescape("web.de"); # web.de is definitive blocked

     if ($url eq $nxt) {
         my $output = "OK status=301 url=\"http://www.freenet.de\"\n";
         print STDOUT $output;
     }
     else {
         print STDOUT "OK\n";
     }
}



More information about the squid-users mailing list