[squid-users] External ACL

Amos Jeffries squid3 at treenet.co.nz
Wed May 24 13:11:12 UTC 2017

On 24/05/17 01:02, avi_h wrote:
> Hi Amos,
> Thanks for your reply.
> What I mean is that so far I only used squid_db_auth and it works great but
> now I have a need to allow certain IPs on top of allowing users.
> Since the IPs are not constant, I need a way to handle the allowed IPs
> dynamically.

Ah, okay.

So, I'm a little hesitant to advise this since it is not clear why the 
shell script is operating so bad - the same problem might still occur if 
it wasn't the script itself...

Anyway, I recommend trying the ext_sql_session_acl helper. Your use-case 
is almost exactly the one  wrote it for. It uses arbitrary database 
table of "keys" (eg the %SRC IP addresses in this case) so you can 
manage the list of IPs in DB the same as you do for the auth user accounts.

> As for the amount of traffic, there is no traffic on this server at the
> moment, I'm only using it for testing.
> As for the http_access, I have the following:
> http_access allow localnet
> http_access allow localhost
> http_access allow allowed_ips
> I even commented out localnet for the test and it didn't work.
> Any other ideas other than the fact its in bash?

Not really. Bash should normally work fine, the SMB auth helpers are 
pretty much the same to what you wrote - just calling other applications 
than grep. So I'm very puzzled about what is going wrong there myself.


More information about the squid-users mailing list