[squid-users] external_acl_type wont work

Amos Jeffries squid3 at treenet.co.nz
Sun Mar 6 10:29:29 UTC 2016


On 6/03/2016 8:47 a.m., Baselsayeh wrote:
> hello
> im using external_acl_type with my php script
> squid config:

> external_acl_type session children-max=1 %SRC /home/basel/Desktop/php/php.php -k jj
> acl session_login external session LOGIN
> acl session_is_active external session CHECK
> acl clicked_login_url url_regex -i ^http://www.w3schools.com/
> http_access allow clicked_login_url session_login
> http_access deny !session_is_active
> deny_info 511:/etc/squid/splash.html session_is_active


> php script: http://pastebin.com/HNL3T1wW <http://pastebin.com/HNL3T1wW>  
> 
> nothing gets to php stdin or null values
> so whats the problem?
> 


Lets see:

#1 - using PHP. Which is a terrible for Squid helpers. The PP
interpreters are optimized for short single runs, Squid helpers a
long-term daemons.

#2 - outputting empty line on startup. Will result in (best case)
helpers dying constantly with "unexpected response" errors by Squid, or
(worst case) incorrect alignment between Squid queries and the helper
responses. Resulting in incorrect HTTP behaviour.

#3 - infinite loop. while(1) without any termination/exit/break
condition will result in Squid not being able to shutdown the helper for
reconfigure and log rotation. Eventually blocking any further traffic
through the proxy.

#4 - opening a new stdin FD on each infinite loop cycle. Resulting in a
vast number of FD churning over. see #3

#4b - resource leaks. Not closing stdin pointers allocated in #4. see #3

#5 - using the results of fgets() without checking for existence first.
Passing EOF/false/null to rtrim() will produce an object. see #3

#6 - using integer-converter comparison to compare strings. ($gg == "").
Meet the '===' family of operators in PHP they are your friends.

#7 - using stored-value test on a nil object. Meet isempty(), isset(),
is_null() in PHP they are your friends.

... probably more, but less obvious.

Amos



More information about the squid-users mailing list