[squid-users] Cannot get Squid to start with external ACL in config
Alex Rousskov
rousskov at measurement-factory.com
Tue Apr 25 18:32:36 UTC 2023
On 4/25/23 13:49, deennyycsgo wrote:
> Hello, I'm having an issue configuring an external ACL, the error I get is:
>
> Can't use proxy auth because no authentication schemes are fully configured.
> FATAL: ERROR: Invalid ACL: acl ext_acl external acl_name

Unfortunately, Squid requires at least one authentication scheme to be
explicitly configured in squid.conf _before_ the first %LOGIN use. The
existing error reporting does not make that fact clear enough IMHO.

To avoid the above two errors:

* either add "auth_param" directive(s) _above_ all external ACL
  declarations that use a %LOGIN format code;

* or remove %LOGIN (which probably will not contain anything useful
  without authentication configured anyway!).

HTH,

Alex.

> Here is my config:
>
> acl SSL_ports port 443
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> external_acl_type acl_name %SRC %LOGIN %DST /etc/squid/ext_acl.py
> acl ext_acl external acl_name
> http_access allow ext_acl
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager
> http_access allow localhost
> http_access deny all
> http_port 3128
> coredump_dir /var/spool/squid3
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> And here is the python script:
> #!/usr/bin/python3
> import sys
> import logging
> import time
>
> def grant ():
>     sys.stdout.write('OK\n')
>     sys.stdout.flush()
>
> def deny ():
>     sys.stdout.write('ERR\n')
>     sys.stdout.flush()
>
> while True:
>     line = sys.stdin.readline().strip()
>     if line:
>         deny()
>     else:
>         time.sleep( 1 )
>
> The python script has 777 permissions and is owned by the proxy user.
> Running it through the terminal results in expected output and expected
> behaviour.
>
> I'm running Squid version 4.10 on Ubuntu Server 20.04. Thanks in advance!
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
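
The ordering rule from the reply above can be checked before restarting Squid. The script below is an added example, not code from the thread or from the Squid project: it reports every external_acl_type line that uses %LOGIN with no auth_param directive above it. The function name, the two sample configs and the basic_ncsa_auth path are assumptions for illustration; included files are not followed.

```python
#!/usr/bin/python3
"""Flag external_acl_type lines that use %LOGIN before any auth_param line."""
import sys

def find_login_before_auth(conf_text):
    """Return [(line_no, helper_name)] for each external_acl_type that uses
    %LOGIN while no auth_param directive appears on an earlier line."""
    auth_seen = False
    problems = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment line
        if tokens[0] == "auth_param":
            auth_seen = True
        elif tokens[0] == "external_acl_type" and len(tokens) > 2:
            # tokens[1] is the helper name; options, format codes and the
            # helper command line follow it
            if "%LOGIN" in tokens[2:] and not auth_seen:
                problems.append((line_no, tokens[1]))
    return problems

# Constructed sample: the relevant lines of the posted config (no auth_param).
BROKEN = """\
acl CONNECT method CONNECT
external_acl_type acl_name %SRC %LOGIN %DST /etc/squid/ext_acl.py
acl ext_acl external acl_name
http_access allow ext_acl
"""

# Constructed sample: an auth_param line placed above the helper declaration.
# The helper path and password file are assumed, not taken from the thread.
FIXED = """\
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
external_acl_type acl_name %SRC %LOGIN %DST /etc/squid/ext_acl.py
acl ext_acl external acl_name
http_access allow ext_acl
"""

def main(argv):
    if len(argv) > 1:
        with open(argv[1]) as conf:
            text = conf.read()
    else:
        text = BROKEN  # no file given: run on the constructed sample
    problems = find_login_before_auth(text)
    for line_no, name in problems:
        print(f"line {line_no}: external_acl_type {name} uses %LOGIN "
              "but no auth_param appears above it")
    return 1 if problems else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to squid.conf as the only argument; a non-zero exit status means at least one %LOGIN use precedes every auth_param line.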