[squid-users] How to execute external helpers for each request ?

hoper at free.fr hoper at free.fr
Tue Jun 22 09:20:59 UTC 2021


Hi,

I have a big problem here. If someone know well squid helpers and external acl, please take a look.
We are using a database with a list of user, and the proxy they need to use.

So in squid.conf file, we declare an external acl:

-------------------------------------------------
auth_param basic program /mydir/myprogram.sh
auth_param basic children 10 startup=1 idle=3
auth_param basic realm myrealm
auth_param basic credentialsttl 2 minutes
-------------------------------------------------

program.sh will check the login/password given by the user.
again the ones found in the database. And, if the authentication
is sucessfull, it also write on stdout the proxy we need to use for this user.

Example (If this user need to use the proxy number 2):
OK proxychoice=p2

If the squid configuration file, we also include another file,
which look like this :

-----------------------------------------------------------------
cache_peer 10.0.0.1 parent 3128 0 no-query no-digest name=proxy1
acl p1auth note proxychoice p1
cache_peer_access proxy1 allow p1auth
http_access allow authenticated p1auth
cache_peer_access proxy1 deny all

cache_peer 10.0.0.2 parent 3128 0 no-query no-digest name=proxy2
acl p2auth note proxychoice p2
cache_peer_access proxy2 allow p2auth
http_access allow authenticated p2auth
cache_peer_access proxy2 deny all
-----------------------------------------------------------------

This configuration is working. The parent proxy used by squid is the good one.
BUT: If we change the configuration (proxy for a user) in the database,
the change is not take into account until we fully restart squid :(
(Even squid -k reconfigure does not work).

Please, any ideas ? What can we do to make this "dynamic" ? 

Any change in the database should be taken into account immediatly.
First I though it was link to credentialsttl value, but no.
No changes happens until a full restart :(

Thanks.


More information about the squid-users mailing list