[squid-users] URL list from a URL

Wed Mar 22 16:10:07 UTC 2017

On 03/22/2017 09:25 AM, Eliezer Croitoru wrote:

> I didn't meant by convert the StoreID helper to convert it into an external_acl helper....
> It has both OK and ERR and a "checklist" which would be a match or not.

Sigh. The combination of your answers does not make any sense to me.
Squid does not use StoreID helpers to block access, regardless of what a
StoreID helper returns. It is certainly possible to take some StoreID
helper code and make an external_acl helper out of it, but that falls
under my option #2.

Perhaps what you meant to say is something like "Use StoreID helper X
available at Y to implement option #2 -- that X code has everything you
need!"?

Alex.

> -----Original Message-----
> From: Alex Rousskov [mailto:rousskov at measurement-factory.com] 
> Sent: Wednesday, March 22, 2017 3:51 PM
> To: squid-users at lists.squid-cache.org
> Cc: Eliezer Croitoru <eliezer at ngtech.co.il>
> Subject: Re: [squid-users] URL list from a URL
> 
> On 03/21/2017 06:17 PM, Eliezer Croitoru wrote:
>> The current StoreID helper can be converted pretty fast into what he needs.
> 
> Jason needs to block access. How can a [converted] StoreID helper block
> access without becoming an external_acl helper?
> 
> Alex.
> 
>> -----Original Message-----
>> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Alex Rousskov
>> Sent: Tuesday, March 21, 2017 11:43 PM
>> To: squid-users at lists.squid-cache.org
>> Subject: Re: [squid-users] URL list from a URL
>>
>> On 03/21/2017 02:30 PM, Jason B. Nance wrote:
>>
>>> I should have mentioned that I'm not caching, I'm only using Squid
>>> for whitelisting in this case.  Would you still say this is the right
>>> path? 
>>
>> No. You probably have two better options:
>>
>> 1. Use a file with list of mirror URLs as an ACL parameter. Write a
>> script that updates that file and reconfigures Squid as needed. Please
>> keep in mind that Squid reconfiguration is currently a relatively
>> heavy/intrusive operation, even if there were not changes except for
>> that single ACL.
>>
>> 2. Write an external_acl helper that will consult the mirror list. This
>> will make each HTTP transaction a little slower (because it needs to go
>> to the helper) but eliminates reconfigurations. The helper itself or
>> some other script will still need to update the mirror list as needed,
>> of course.
>>
>>
>> HTH,
>>
>> Alex.
>>
>>
>>
>>
>>>> Hello,
>>>>
>>>> I'm using Squid 3.5.20 and wonder if it is possible to define an ACL which retrieves the list of URLs from another URL (similar to pointing to a file).  In this specific use case it is to allow a Foreman server to sync Yum content from the CentOS mirrors.  I tell Foreman to use the following URL:
>>>>
>>>> http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates
>>>>
>>>> Which returns a list of URLs, such as:
>>>>
>>>> http://repo1.dal.innoscale.net/centos/7.3.1611/updates/x86_64/
>>>> http://linux.mirrors.es.net/centos/7.3.1611/updates/x86_64/
>>>> http://reflector.westga.edu/repos/CentOS/7.3.1611/updates/x86_64/
>>>> http://mirror.jax.hugeserver.com/centos/7.3.1611/updates/x86_64/
>>>> http://ftp.linux.ncsu.edu/pub/CentOS/7.3.1611/updates/x86_64/
>>>> http://mirror.nexcess.net/CentOS/7.3.1611/updates/x86_64/
>>>> http://mirror.web-ster.com/centos/7.3.1611/updates/x86_64/
>>>> http://centos.host-engine.com/7.3.1611/updates/x86_64/
>>>> http://mirror.raystedman.net/centos/7.3.1611/updates/x86_64/
>>>> http://mirror.linux.duke.edu/pub/centos/7.3.1611/updates/x86_64/
>>>>
>>>> Foreman then starts a new HTTP connection (not a redirect) to attempt to connect to those in turn until it works.
>>>>
>>>> So I would like to configure Squid to allow the Foreman server access to any of those URLs (the list changes somewhat often).
>>>>
>>>> I started to go down the external_acl_type but am wondering if I'm missing something obvious.
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
> 