[squid-users] squid-users Digest, Vol 103, Issue 23

Francisco frizquierdo87 at gmail.com
Thu Mar 30 13:37:15 UTC 2023 

I got the external acl setup to work, it had some bugs but I notice
something that maybe through configuration I can fix.

It's a configuration
external_acl_type CHECKOVERCUOTE concurrency=100 ttl=3 negative_ttl=10
children-max=50 children-startup=10 children-idle=5  %LOGIN
/usr/lib/squid/ext_sql_session_acl --dsn "DBI:mysql:database=squidmgr"
--user squidmgr --password squ1dmgr --table "proxy_usuario" --uidcol
"identificador" --usercol "identificador" --cond "overcuote = 1" --debug
acl OVERCUOTE external CHECKOVERCUOTE

It generate: SELECT identificador AS 'user', '' AS 'tag' FROM proxy_usuario
WHERE (identificador = ?) AND overcuote =1
UID queried: 'frizquierdo - ' # when user identifier authenticated on squid
is 'frizquierdo'

The user identifier generated by the ext_sql_session_acl query is made up
of the user identifier +space+ hyphen +space, for example (for
'frizquierdo' identifier, 'frizquierdo - ' is generated), so in the
database it would have to be the user identifier stored in that format.
Is there a directive that guarantees that the parameter is not created that
way?

El mié, 29 mar 2023 a las 8:00, <squid-users-request at lists.squid-cache.org>
escribió:

> Send squid-users mailing list submissions to
>         squid-users at lists.squid-cache.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.squid-cache.org/listinfo/squid-users
> or, via email, send a message with subject or body 'help' to
>         squid-users-request at lists.squid-cache.org
>
> You can reach the person managing the list at
>         squid-users-owner at lists.squid-cache.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of squid-users digest..."
>
>
> Today's Topics:
>
>    1. Re: squid-users Digest, Vol 103, Issue 22 (Francisco)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 28 Mar 2023 11:46:29 -0400
> From: Francisco <frizquierdo87 at gmail.com>
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] squid-users Digest, Vol 103, Issue 22
> Message-ID:
>         <
> CAJXDOba8SokfbZWeG-GidyLb6-r-hJYG__qJCCF6iQ2zQJUE0g at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> In my previous email I was missing part of the text when I sent it, I
> deleted it by mistake.
> This is what I have so far:
>
> I try to make the following config:
> external_acl_type CHECKOVERCUOTE ttl=5 negative_ttl=5 children-max=10
> children-startup=5 %ACL /usr/lib/squid/ext_sql_session_acl --dsn
> "DBI:mysql:database=squidmgr" --user squidmgr --password squidmgr --table
> "proxy_usuario" uidcol "id" --usercol "identificador" --cond "overcuote=1"
> --persist
> acl OVERCUOTE external CHECKOVERCUOTE
>
> http_access allow CONNECT SSL_ports !dominio_cuba usuarios_internet
> macs_red_local red_local !OVERCUOTE
>
> --cond "overcuote=1" is the field in database that it's set to 1 when user
> calc overcuote.
>
> if i try ext_sql_session_acl from terminal, i see:
> ERR message="unknow UID ' '"
>
>
>
> El mar, 28 mar 2023 a las 8:00, <squid-users-request at lists.squid-cache.org
> >
> escribi?:
>
> > Send squid-users mailing list submissions to
> >         squid-users at lists.squid-cache.org
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> >         http://lists.squid-cache.org/listinfo/squid-users
> > or, via email, send a message with subject or body 'help' to
> >         squid-users-request at lists.squid-cache.org
> >
> > You can reach the person managing the list at
> >         squid-users-owner at lists.squid-cache.org
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of squid-users digest..."
> >
> >
> > Today's Topics:
> >
> >    1. Re: squid-users Digest, Vol 103, Issue 21 (Francisco)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Mon, 27 Mar 2023 18:09:10 -0400
> > From: Francisco <frizquierdo87 at gmail.com>
> > To: squid-users at lists.squid-cache.org
> > Subject: Re: [squid-users] squid-users Digest, Vol 103, Issue 21
> > Message-ID:
> >         <CAJXDObaQz4X2g=
> > Y5Uh3U6NPmoafA-RygPWMvfED6bEYNszf_uA at mail.gmail.com>
> > Content-Type: text/plain; charset="utf-8"
> >
> > Sorry, I don't understand how to combine *ext_sql_session_acl* with
> > anothers acl of type dstdomain for example, becasue I need calc user's
> > cuote only for an certains sites (domains, and sites).
> >
> >
> > El lun, 27 mar 2023 a las 8:00, <
> squid-users-request at lists.squid-cache.org
> > >
> > escribi?:
> >
> > > Send squid-users mailing list submissions to
> > >         squid-users at lists.squid-cache.org
> > >
> > > To subscribe or unsubscribe via the World Wide Web, visit
> > >         http://lists.squid-cache.org/listinfo/squid-users
> > > or, via email, send a message with subject or body 'help' to
> > >         squid-users-request at lists.squid-cache.org
> > >
> > > You can reach the person managing the list at
> > >         squid-users-owner at lists.squid-cache.org
> > >
> > > When replying, please edit your Subject line so it is more specific
> > > than "Re: Contents of squid-users digest..."
> > >
> > >
> > > Today's Topics:
> > >
> > >    1. Re: squid 5.7 Bad request from parent cache after squid -k
> > >       reconfigure (Amos Jeffries)
> > >
> > >
> > > ----------------------------------------------------------------------
> > >
> > > Message: 1
> > > Date: Mon, 27 Mar 2023 05:05:02 +1300
> > > From: Amos Jeffries <squid3 at treenet.co.nz>
> > > To: squid-users at lists.squid-cache.org
> > > Subject: Re: [squid-users] squid 5.7 Bad request from parent cache
> > >         after squid -k reconfigure
> > > Message-ID: <bfd2a571-02d1-2cff-690c-59caf55a0338 at treenet.co.nz>
> > > Content-Type: text/plain; charset=UTF-8; format=flowed
> > >
> > > On 24/03/2023 2:34 pm, Francisco wrote:
> > > > Hi, (first Iapologize for my English) I have a local squid proxy in
> > > > forward mode, with parent cache. I'm trying calc and restrict
> > > > authenticated users that reach the assigned cuote on certains domains
> > > > and sites, and for that I store the access log into database that
> > > > match determinates ACL.
> > >
> > > > Every one minute run an script that calc http_size for every user
> from
> > > > database (leaving out logs records derived from TCP_HIT_, zero size,
> > > > NONE, etc, etc), and those users that get her assigned limit, I put
> > > > them into a file (that point to an access deny_rule), and make squid
> > > > -k reconfigure.
> > >
> > > Constantly reconfiguring Squid has a large number of side effects such
> > > as the one you noticed. Avoiding that is a good idea.
> > >
> > > I recommend having a table in the database with the details about
> > > whether a user is allowed (or not). The ext_sql_session_acl helper can
> > > check that table to allow/deny users.
> > >  ?<
> > http://www.squid-cache.org/Versions/v4/manuals/ext_sql_session_acl.html
> > > >
> > >
> > >
> > > HTH
> > > Amos
> > >
> > >
> > > ------------------------------
> > >
> > > Subject: Digest Footer
> > >
> > > _______________________________________________
> > > squid-users mailing list
> > > squid-users at lists.squid-cache.org
> > > http://lists.squid-cache.org/listinfo/squid-users
> > >
> > >
> > > ------------------------------
> > >
> > > End of squid-users Digest, Vol 103, Issue 21
> > > ********************************************
> > >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <
> >
> http://lists.squid-cache.org/pipermail/squid-users/attachments/20230327/48f4c47d/attachment-0001.htm
> > >
> >
> > ------------------------------
> >
> > Subject: Digest Footer
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
> >
> >
> > ------------------------------
> >
> > End of squid-users Digest, Vol 103, Issue 22
> > ********************************************
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.squid-cache.org/pipermail/squid-users/attachments/20230328/fd60a036/attachment-0001.htm
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> ------------------------------
>
> End of squid-users Digest, Vol 103, Issue 23
> ********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230330/cab03651/attachment.htm>

More information about the squid-users mailing list