[squid-users] dynamic group using URI as group name on external acl with ext_ldap_group_acl
Amos Jeffries
squid3 at treenet.co.nz
Wed Aug 24 13:32:13 UTC 2016
On 24/08/2016 4:24 a.m., Diogenes S. Jesus wrote:
>>>> If you want to do things like this safely please upgrade to Squid-4
>>>> where the logformat codes are available. Those codes provide
>>>> customizable escaping and quoting styles so you can set one that
>>>> protects LDAP against these attacks to be ued on the URI field value
>>>> sent by Squid.
>>>
>>> You mean these <http://www.squid-cache.org/Doc/config/logformat/>
>>> logformats are available to be used in acl / external acls @ squid.conf?
>> Or?
>>>
>>
>> Yes. I'm trying to get all the things in squid.conf that take/use a
>> custom format to use the logformat code system. Squid-4 is the
>> external_acl_type directives turn.
>>
>> All of them are available for use in the %FORMAT field. It only depends
>> on whether the data any given code outputs exists at the point of
>> transaction where your ACL gets used.
>>
>> Amos
>>
>>
> Cool. I've compiled the latest beta of squid4 and tested. I was able to
> move to "%>rd", the following works:
>
Doh!. Thanks for the patch it has now been applied to Squid-4.
Amos
More information about the squid-users
mailing list