[squid-users] external acl helpers working with deny_info
Sreenath BH
bhsreenath at gmail.com
Sun Jan 24 16:18:42 UTC 2016
Hi All,
I am trying to validate my understanding of external acl, deny_info
and http_access deny all" interaction.
My squid conf has just two rules. First is external ACL helper and
then the "deny all" as follows:
Case (1)
-----------
external_acl_type my_helper ttl=0 negative_ttl=0 children-max=2 %PATH
/usr/local/bin/acl
acl AclName external my_helper
deny_info 404:ERR_MY_ACL AclName
http_access allow AclName
http_access deny all
--------
I want a default error code of 404 to be returned, along with a custom
error message file being sent.
My observations are as follows:
1. If my external ACL prints OK, it proceeds with processing.
2. If it prints ERR, instead of using the custom message, it proceeds
to next access rule, which is "http_access deny all"
When that fails it prints a default 403 message.
If I remove "deny all" line it works well.
Case (2)
I tried changing "http_access allow" to "http_access deny" follows:
--------
external_acl_type my_helper ttl=0 negative_ttl=0 children-max=2 %PATH
/usr/local/bin/acl
acl AclName external my_helper
deny_info 404:ERR_MY_ACL AclName
http_access deny !AclName
http_access deny all
----------
In this case, whenever the acl helpers send "ERR", it prints the
correct error message.
But now, if it succeeds (prints OK), it goes to next line and fails
there, instead of proceeding with further processing.
Even in this case, removing the next "deny all" will work correctly.
I find is strange that even when external ACL Helper matches and
prints OK, because of the way
the http_access line worded, it does not take it as a pass and goes to
check next http_access line.
Is this expected behavior? Or am I missing something?
thanks,
Sreenath
More information about the squid-users
mailing list