[squid-users] Fwd: cache_peer_access by dynamic ACL

Alexeyяр Gruzdov my.shellac at gmail.com
Wed Apr 26 12:08:26 UTC 2023 

Oh... Looks like I just need to send as answer the list of my policy acl,
for example

user1 wanted to go over peer1 and peer3
the answer from external script must be like  "OK proxy=peer1 proxy=peer3"
and looks like it works well like I need. User will go over peer1 and peer3
only by round-robin.

ср, 26 апр. 2023 г. в 15:40, Alexeyяр Gruzdov <my.shellac at gmail.com>:

> Hello!
> Yes!
> Thank you!
>
>
> One more question pls:
>
> For example I have five of cache_peers and ACL associated  with some cache
> peer.
> As you know - I used the my external ACL script and now I can put the
> policy to answer fo my script and squid will get an answer and used the
> correct ACL for username.
> For example answer is  "OK  proxy=peer1"  and user will be used the
> cache_peer1, or if "OK proxy=all" and user will go over all of cache_peers
> by round-robin.
> All works well.
> But how I can put something like a list of ACL for user ?  for example  I
> want that some one user can go over peer1 and peer3 only, by round robin,
> but will be denied over peer2. peer4, peer5. Of course better using
> external ACL (as DB ). What do you think?
>
>
>
>
>
>
> пн, 24 апр. 2023 г. в 18:07, Alex Rousskov <
> rousskov at measurement-factory.com>:
>
>> On 4/23/23 14:28, Alexeyяр Gruzdov wrote:
>>
>> > One more may be last thing:  - I found the strange behavior  - if I
>> make
>> > changes at my ext ACL script (its python ) and then "squid -k
>> > reconfigure"  then I can see that my script appears in the "TOP" of
>> > process and loads CPU to 100%
>>
>> Check how your ACL script reacts to stdin closure/EOF. The script should
>> quit but probably does not. Same for any stdin reading errors. On EOF,
>> the script should use exit code zero. All these things are easy to test
>> on the command line (without Squid).
>>
>> Alex.
>>
>> > вс, 23 апр. 2023 г. в 16:36, Amos Jeffries <squid3 at treenet.co.nz
>> > <mailto:squid3 at treenet.co.nz>>:
>> >
>> >     On 23/04/2023 5:27 pm, Alexeyяр Gruzdov wrote:
>> >      > Hello Guys!
>> >      > Thank you very much! For now all works like I needed!
>> >      >
>> >      > But I have an one more  questions about how I could to use the
>> >     kv-pair:
>> >     ...
>> >      > and then ACL with “note proxy all “
>> >      > But how the kv-pair must to be looked for this my tag ?
>> >      >
>> >      > I have tried to get answer from my ext script like
>> >      > “OK”
>> >      > “proxy=all”
>> >      >
>> >      > But looks like it’s not correct
>> >      >
>> >
>> >     This part of the instructions were missed:
>> >     https://wiki.squid-cache.org/Features/AddonHelpers#helper-protocols
>> >     <
>> https://wiki.squid-cache.org/Features/AddonHelpers#helper-protocols>
>> >     "
>> >     For every line sent by Squid exactly one line is expected back. Some
>> >     script language such as perl and python need to be careful about the
>> >     number of newlines in their output.
>> >     "
>> >
>> >     If your helper received something like this (with concurrency
>> >     channel-id
>> >     "1"):
>> >
>> >        "1 bob 192.0.2.1"
>> >
>> >     It should produce a line like:
>> >         "1 OK proxy=all"
>> >
>> >     If no concurrency channel-id is received, then output is the same
>> but
>> >     without sending channel-id back and MUST be sent in same order as
>> >     received.
>> >
>> >     I do recommend using concurrency. It can help further debug issues
>> with
>> >     helpers responding incorrectly.
>> >
>> >     HTH
>> >     Amos
>> >
>> >     _______________________________________________
>> >     squid-users mailing list
>> >     squid-users at lists.squid-cache.org
>> >     <mailto:squid-users at lists.squid-cache.org>
>> >     http://lists.squid-cache.org/listinfo/squid-users
>> >     <http://lists.squid-cache.org/listinfo/squid-users>
>> >
>> >
>> > _______________________________________________
>> > squid-users mailing list
>> > squid-users at lists.squid-cache.org
>> > http://lists.squid-cache.org/listinfo/squid-users
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230426/eaba13e5/attachment.htm>

More information about the squid-users mailing list