[squid-users] deny_info / url_rewrite_program

Mon Nov 30 21:28:34 UTC 2015

Did you tested your helper in normal command line?
It seems that your helper does something wrong.
Before you run to try and make squid understand your helper make sure 
you understand what it actually does for you.

I am unsure if you don't understand what STDIN\OUT\ERR means or do you 
actually understand what the perl script does.
In any case you must first understand your goals before programming 
anything else.

Eliezer

* I did gave you a way to test your helpers in the IRC channel, try to 
use them. if you need couple examples for url_rewrite it is very easy to 
produce.

On 30/11/2015 23:10, Jens Kallup wrote:
> Hi,
>
> next, the output, followed by the config snippet, the perl script is fixed,
> but don't work - squid shows only Error - Access Denied ...
>
> 2015/11/30 22:00:14.168 kid1| Process Roles: worker
> 2015/11/30 22:00:14.168 kid1| With 65536 file descriptors available
> 2015/11/30 22:00:14.168 kid1| Initializing IP Cache...
> 2015/11/30 22:00:14.168 kid1| DNS Socket created at [::], FD 6
> 2015/11/30 22:00:14.168 kid1| DNS Socket created at 0.0.0.0, FD 8
> 2015/11/30 22:00:14.168 kid1| Adding nameserver fd00::c225:6ff:fe71:2b
> from /etc/resolv.conf
> 2015/11/30 22:00:14.168 kid1| helperOpenServers: Starting 0/20
> 'rewrite.pl' processes
> 2015/11/30 22:00:14.168 kid1| helperOpenServers: No 'rewrite.pl'
> processes needed.
> 2015/11/30 22:00:14.168 kid1| helperOpenServers: Starting 1/5
> 'basic_ncsa_auth' processes
> 2015/11/30 22:00:14.168 kid1| helperOpenServers: Starting 0/1 'block.sh'
> processes
> 2015/11/30 22:00:14.168 kid1| helperOpenServers: No 'block.sh' processes
> needed.
> 2015/11/30 22:00:14.168 kid1| Logfile: opening log
> /sap/squid/log/access.log
> 2015/11/30 22:00:14.168 kid1| WARNING: log name now starts with a module
> name. Use 'stdio:/sap/squid/log/access.log'

Squid tells you that you have wrong configuration line. ^^^

> 2015/11/30 22:00:14.168 kid1| Unlinkd pipe opened on FD 15
> 2015/11/30 22:00:14.168 kid1| Store logging disabled
> 2015/11/30 22:00:14.168 kid1| Swap maxSize 65536 + 8192 KB, estimated
> 5671 objects
> 2015/11/30 22:00:14.168 kid1| Target number of buckets: 283
> 2015/11/30 22:00:14.168 kid1| Using 8192 Store buckets
> 2015/11/30 22:00:14.168 kid1| Max Mem  size: 8192 KB
> 2015/11/30 22:00:14.168 kid1| Max Swap size: 65536 KB
> 2015/11/30 22:00:14.168 kid1| Rebuilding storage in /sap/var/spool/squid
> (dirty log)
> 2015/11/30 22:00:14.168 kid1| Using Least Load store dir selection
> 2015/11/30 22:00:14.168 kid1| Set Current Directory to /sap/var/spool/squid
> 2015/11/30 22:00:14.168 kid1| Finished loading MIME types and icons.
> 2015/11/30 22:00:14.168 kid1| HTCP Disabled.
> 2015/11/30 22:00:14.168 kid1| Squid plugin modules loaded: 0
> 2015/11/30 22:00:14.168 kid1| Adaptation support is off.
> 2015/11/30 22:00:14.168 kid1| Accepting HTTP Socket connections at
> local=[::]:3128 remote=[::] FD 18 flags=9
> 2015/11/30 22:00:14.168 kid1| Done reading /sap/var/spool/squid swaplog
> (3346 entries)
> 2015/11/30 22:00:14.168 kid1| Finished rebuilding storage from disk.
> 2015/11/30 22:00:14.168 kid1|      2983 Entries scanned
> 2015/11/30 22:00:14.168 kid1|         0 Invalid entries.
> 2015/11/30 22:00:14.168 kid1|         0 With invalid flags.
> 2015/11/30 22:00:14.168 kid1|      2971 Objects loaded.
> 2015/11/30 22:00:14.168 kid1|         0 Objects expired.
> 2015/11/30 22:00:14.168 kid1|         0 Objects cancelled.
> 2015/11/30 22:00:14.168 kid1|         0 Duplicate URLs purged.
> 2015/11/30 22:00:14.168 kid1|        12 Swapfile clashes avoided.
> 2015/11/30 22:00:14.168 kid1|   Took 0.06 seconds (52517.15 objects/sec).
> 2015/11/30 22:00:14.168 kid1| Beginning Validation Procedure
> 2015/11/30 22:00:14.168 kid1|   Completed Validation Procedure
> 2015/11/30 22:00:14.168 kid1|   Validated 2971 Entries
> 2015/11/30 22:00:14.168 kid1|   store_swap_size = 63388.00 KB
> 2015/11/30 22:00:15 kid1| storeLateRelease: released 0 objects
> 2015/11/30 22:00:20 kid1| ALE missing adapted HttpRequest object
> 2015/11/30 22:00:20 kid1| ALE missing URL
> 2015/11/30 22:00:20 kid1| Starting new blocker helpers...
> 2015/11/30 22:00:20 kid1| helperOpenServers: Starting 1/1 'block.sh'
> processes

Your helper was started

> 2015/11/30 22:00:23 kid1| ALE missing adapted HttpRequest object
> 2015/11/30 22:00:23 kid1| ALE missing URL

Your helper did something wrong.

>
>
> # squid config:
> auth_param basic program /usr/local/squid/libexec/basic_ncsa_auth
> /sap/squid/passwd
> auth_param basic utf8 on
> auth_param basic children 5 startup=1 idle=1 concurrency=0
> auth_param basic realm Bitte geben Sie Ihren Benutzernamen und Ihr
> Passwort zur Internet-Authentifizierung ein!
> auth_param basic credentialsttl 60 minutes
> auth_param basic casesensitive on
>
> external_acl_type blocker concurrency=100 ttl=60 negative_ttl=0
> children-max=1 %LOGIN %DST /sap/squid/block.sh
> acl mysql_blocker external blocker
>
> url_rewrite_program /sap/squid/rewrite.pl  # inserted \__ these 2 lines
> have no effect, always, the same behavour
> url_rewrite_access deny mysql_blocker      # inserted /
>
> #deny_info http://www.freenet.de blocker
>
>
> #ther script:
> #!/usr/bin/perl -l
>
> #use strict;
> use warnings;
> use IO::Handle;
> use URI::Escape;
> use DBI;
> use 5.010;
>
> $|=1;                   # don't buffer stdout
>
> while (<>) {            # read line from STDIN (squid input)
>      my ($url, $ip, $slash, $fqdn, $user, $method) = split;
>
>      $url = uri_unescape($url);
>      $nxt = uri_unescape("web.de"); # web.de is definitive blocked
>
>      if ($url eq $nxt) {
>          my $output = "OK status=301 url=\"http://www.freenet.de\"\n";
>          print STDOUT $output;
>      }
>      else {
>          print STDOUT "OK\n";
>      }
> }
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users