[squid-users] URL list from a URL
Jason B. Nance
jason at tresgeek.net
Wed Mar 22 14:43:45 UTC 2017
Thank you. In regards to the external ACL helper, would I basically say something like:
external_acl_type foo %URL /path/to/my/helper
And then have my helper compare the contents of %URL to the mirror list and spit out "OK" for pass or "ERR" for fail?
Thanks,
j
----- Original Message -----
From: "Alex Rousskov" <rousskov at measurement-factory.com>
To: squid-users at lists.squid-cache.org
Cc: "Jason Nance" <jason at tresgeek.net>
Sent: Tuesday, March 21, 2017 4:42:33 PM
Subject: Re: [squid-users] URL list from a URL
On 03/21/2017 02:30 PM, Jason B. Nance wrote:
> I should have mentioned that I'm not caching, I'm only using Squid
> for whitelisting in this case. Would you still say this is the right
> path?
No. You probably have two better options:
1. Use a file with list of mirror URLs as an ACL parameter. Write a
script that updates that file and reconfigures Squid as needed. Please
keep in mind that Squid reconfiguration is currently a relatively
heavy/intrusive operation, even if there were not changes except for
that single ACL.
2. Write an external_acl helper that will consult the mirror list. This
will make each HTTP transaction a little slower (because it needs to go
to the helper) but eliminates reconfigurations. The helper itself or
some other script will still need to update the mirror list as needed,
of course.
HTH,
Alex.
>> Hello,
>>
>> I'm using Squid 3.5.20 and wonder if it is possible to define an ACL which retrieves the list of URLs from another URL (similar to pointing to a file). In this specific use case it is to allow a Foreman server to sync Yum content from the CentOS mirrors. I tell Foreman to use the following URL:
>>
>> http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates
>>
>> Which returns a list of URLs, such as:
>>
>> http://repo1.dal.innoscale.net/centos/7.3.1611/updates/x86_64/
>> http://linux.mirrors.es.net/centos/7.3.1611/updates/x86_64/
>> http://reflector.westga.edu/repos/CentOS/7.3.1611/updates/x86_64/
>> http://mirror.jax.hugeserver.com/centos/7.3.1611/updates/x86_64/
>> http://ftp.linux.ncsu.edu/pub/CentOS/7.3.1611/updates/x86_64/
>> http://mirror.nexcess.net/CentOS/7.3.1611/updates/x86_64/
>> http://mirror.web-ster.com/centos/7.3.1611/updates/x86_64/
>> http://centos.host-engine.com/7.3.1611/updates/x86_64/
>> http://mirror.raystedman.net/centos/7.3.1611/updates/x86_64/
>> http://mirror.linux.duke.edu/pub/centos/7.3.1611/updates/x86_64/
>>
>> Foreman then starts a new HTTP connection (not a redirect) to attempt to connect to those in turn until it works.
>>
>> So I would like to configure Squid to allow the Foreman server access to any of those URLs (the list changes somewhat often).
>>
>> I started to go down the external_acl_type but am wondering if I'm missing something obvious.
More information about the squid-users
mailing list