[squid-users] url_rewrite_program and ACLs

Amos Jeffries squid3 at treenet.co.nz
Wed Nov 8 16:21:38 UTC 2017


On 09/11/17 03:12, Vieri wrote:
> Thanks. I defined the following, and it worked as expected:
> 
> url_rewrite_access deny allowed_domains
> url_rewrite_access deny allowed_ips
> url_rewrite_program /usr/bin/squidGuard
> url_rewrite_children 80 startup=10 idle=3
> 
> 
> How can I rewrite a URL in squid without a helper such as SG?
> ie. how can emulate SG's "rew" in squid.conf?

That depends on the rew(rite) substitutions being made, and more 
specifically what your intended end-goal behind having it was.

Usually what it is used for is emulate the denial of a request, or to 
redirect it somewhere specific.


* Denial is better done by "http_access deny ...". No rewrite/redirect 
necessary at all.

* Redirect is better done by using deny_info to change what action 
'deny' means for a particular ACL. Like so:

  acl foo ...
  http_access deny foo
  deny_info 302:http://example.com/ foo

In Squid-3.2+ the deny_info URL portion can use logformat macros for 
dynamic redirection - like the "rew" substitutions only changing 
portions of the URL.

Time constraints are added by using a time ACL on the original *_access 
line to limit when the foo ACL gets checked (aka. takes effect).


NP: The SG documented example for use of "rew" (diverting traffic to a 
local server during work hours) is better performed by a cache_peer 
directing traffic to a local server, and cache_peer_access ACLs 
determining what and when traffic gets delivered there. No denials, 
redirects, or rewrites necessary.


Amos


More information about the squid-users mailing list