<div dir="ltr"><div>I got the external acl setup to work, it had some bugs but I notice something that maybe through configuration I can fix.</div><div><br></div><div>It's a configuration<br></div><div>external_acl_type CHECKOVERCUOTE concurrency=100 ttl=3 negative_ttl=10 children-max=50 children-startup=10 children-idle=5 %LOGIN /usr/lib/squid/ext_sql_session_acl --dsn "DBI:mysql:database=squidmgr" --user squidmgr --password squ1dmgr --table "proxy_usuario" --uidcol "identificador" --usercol "identificador" --cond "overcuote = 1" --debug<br>acl OVERCUOTE external CHECKOVERCUOTE</div><div><br></div><div>It generate: SELECT identificador AS 'user', '' AS 'tag' FROM proxy_usuario WHERE (identificador = ?) AND overcuote =1</div><div>UID queried: 'frizquierdo - ' # when user identifier authenticated on squid is 'frizquierdo'<br></div><br>The user identifier generated by the ext_sql_session_acl query is made up of the user identifier +space+ hyphen +space, for example (for 'frizquierdo' identifier, 'frizquierdo - ' is generated), so in the database it would have to be the user identifier stored in that format.<br>Is there a directive that guarantees that the parameter is not created that way?</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">El mié, 29 mar 2023 a las 8:00, <<a href="mailto:squid-users-request@lists.squid-cache.org">squid-users-request@lists.squid-cache.org</a>> escribió:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Send squid-users mailing list submissions to<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:squid-users-request@lists.squid-cache.org" target="_blank">squid-users-request@lists.squid-cache.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:squid-users-owner@lists.squid-cache.org" target="_blank">squid-users-owner@lists.squid-cache.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of squid-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: squid-users Digest, Vol 103, Issue 22 (Francisco)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Tue, 28 Mar 2023 11:46:29 -0400<br>
From: Francisco <<a href="mailto:frizquierdo87@gmail.com" target="_blank">frizquierdo87@gmail.com</a>><br>
To: <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
Subject: Re: [squid-users] squid-users Digest, Vol 103, Issue 22<br>
Message-ID:<br>
<<a href="mailto:CAJXDOba8SokfbZWeG-GidyLb6-r-hJYG__qJCCF6iQ2zQJUE0g@mail.gmail.com" target="_blank">CAJXDOba8SokfbZWeG-GidyLb6-r-hJYG__qJCCF6iQ2zQJUE0g@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
In my previous email I was missing part of the text when I sent it, I<br>
deleted it by mistake.<br>
This is what I have so far:<br>
<br>
I try to make the following config:<br>
external_acl_type CHECKOVERCUOTE ttl=5 negative_ttl=5 children-max=10<br>
children-startup=5 %ACL /usr/lib/squid/ext_sql_session_acl --dsn<br>
"DBI:mysql:database=squidmgr" --user squidmgr --password squidmgr --table<br>
"proxy_usuario" uidcol "id" --usercol "identificador" --cond "overcuote=1"<br>
--persist<br>
acl OVERCUOTE external CHECKOVERCUOTE<br>
<br>
http_access allow CONNECT SSL_ports !dominio_cuba usuarios_internet<br>
macs_red_local red_local !OVERCUOTE<br>
<br>
--cond "overcuote=1" is the field in database that it's set to 1 when user<br>
calc overcuote.<br>
<br>
if i try ext_sql_session_acl from terminal, i see:<br>
ERR message="unknow UID ' '"<br>
<br>
<br>
<br>
El mar, 28 mar 2023 a las 8:00, <<a href="mailto:squid-users-request@lists.squid-cache.org" target="_blank">squid-users-request@lists.squid-cache.org</a>><br>
escribi?:<br>
<br>
> Send squid-users mailing list submissions to<br>
> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
><br>
> To subscribe or unsubscribe via the World Wide Web, visit<br>
> <a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
> or, via email, send a message with subject or body 'help' to<br>
> <a href="mailto:squid-users-request@lists.squid-cache.org" target="_blank">squid-users-request@lists.squid-cache.org</a><br>
><br>
> You can reach the person managing the list at<br>
> <a href="mailto:squid-users-owner@lists.squid-cache.org" target="_blank">squid-users-owner@lists.squid-cache.org</a><br>
><br>
> When replying, please edit your Subject line so it is more specific<br>
> than "Re: Contents of squid-users digest..."<br>
><br>
><br>
> Today's Topics:<br>
><br>
> 1. Re: squid-users Digest, Vol 103, Issue 21 (Francisco)<br>
><br>
><br>
> ----------------------------------------------------------------------<br>
><br>
> Message: 1<br>
> Date: Mon, 27 Mar 2023 18:09:10 -0400<br>
> From: Francisco <<a href="mailto:frizquierdo87@gmail.com" target="_blank">frizquierdo87@gmail.com</a>><br>
> To: <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
> Subject: Re: [squid-users] squid-users Digest, Vol 103, Issue 21<br>
> Message-ID:<br>
> <CAJXDObaQz4X2g=<br>
> <a href="mailto:Y5Uh3U6NPmoafA-RygPWMvfED6bEYNszf_uA@mail.gmail.com" target="_blank">Y5Uh3U6NPmoafA-RygPWMvfED6bEYNszf_uA@mail.gmail.com</a>><br>
> Content-Type: text/plain; charset="utf-8"<br>
><br>
> Sorry, I don't understand how to combine *ext_sql_session_acl* with<br>
> anothers acl of type dstdomain for example, becasue I need calc user's<br>
> cuote only for an certains sites (domains, and sites).<br>
><br>
><br>
> El lun, 27 mar 2023 a las 8:00, <<a href="mailto:squid-users-request@lists.squid-cache.org" target="_blank">squid-users-request@lists.squid-cache.org</a><br>
> ><br>
> escribi?:<br>
><br>
> > Send squid-users mailing list submissions to<br>
> > <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
> ><br>
> > To subscribe or unsubscribe via the World Wide Web, visit<br>
> > <a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
> > or, via email, send a message with subject or body 'help' to<br>
> > <a href="mailto:squid-users-request@lists.squid-cache.org" target="_blank">squid-users-request@lists.squid-cache.org</a><br>
> ><br>
> > You can reach the person managing the list at<br>
> > <a href="mailto:squid-users-owner@lists.squid-cache.org" target="_blank">squid-users-owner@lists.squid-cache.org</a><br>
> ><br>
> > When replying, please edit your Subject line so it is more specific<br>
> > than "Re: Contents of squid-users digest..."<br>
> ><br>
> ><br>
> > Today's Topics:<br>
> ><br>
> > 1. Re: squid 5.7 Bad request from parent cache after squid -k<br>
> > reconfigure (Amos Jeffries)<br>
> ><br>
> ><br>
> > ----------------------------------------------------------------------<br>
> ><br>
> > Message: 1<br>
> > Date: Mon, 27 Mar 2023 05:05:02 +1300<br>
> > From: Amos Jeffries <<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>><br>
> > To: <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
> > Subject: Re: [squid-users] squid 5.7 Bad request from parent cache<br>
> > after squid -k reconfigure<br>
> > Message-ID: <<a href="mailto:bfd2a571-02d1-2cff-690c-59caf55a0338@treenet.co.nz" target="_blank">bfd2a571-02d1-2cff-690c-59caf55a0338@treenet.co.nz</a>><br>
> > Content-Type: text/plain; charset=UTF-8; format=flowed<br>
> ><br>
> > On 24/03/2023 2:34 pm, Francisco wrote:<br>
> > > Hi, (first Iapologize for my English) I have a local squid proxy in<br>
> > > forward mode, with parent cache. I'm trying calc and restrict<br>
> > > authenticated users that reach the assigned cuote on certains domains<br>
> > > and sites, and for that I store the access log into database that<br>
> > > match determinates ACL.<br>
> ><br>
> > > Every one minute run an script that calc http_size for every user from<br>
> > > database (leaving out logs records derived from TCP_HIT_, zero size,<br>
> > > NONE, etc, etc), and those users that get her assigned limit, I put<br>
> > > them into a file (that point to an access deny_rule), and make squid<br>
> > > -k reconfigure.<br>
> ><br>
> > Constantly reconfiguring Squid has a large number of side effects such<br>
> > as the one you noticed. Avoiding that is a good idea.<br>
> ><br>
> > I recommend having a table in the database with the details about<br>
> > whether a user is allowed (or not). The ext_sql_session_acl helper can<br>
> > check that table to allow/deny users.<br>
> > ?<<br>
> <a href="http://www.squid-cache.org/Versions/v4/manuals/ext_sql_session_acl.html" rel="noreferrer" target="_blank">http://www.squid-cache.org/Versions/v4/manuals/ext_sql_session_acl.html</a><br>
> > ><br>
> ><br>
> ><br>
> > HTH<br>
> > Amos<br>
> ><br>
> ><br>
> > ------------------------------<br>
> ><br>
> > Subject: Digest Footer<br>
> ><br>
> > _______________________________________________<br>
> > squid-users mailing list<br>
> > <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
> > <a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
> ><br>
> ><br>
> > ------------------------------<br>
> ><br>
> > End of squid-users Digest, Vol 103, Issue 21<br>
> > ********************************************<br>
> ><br>
> -------------- next part --------------<br>
> An HTML attachment was scrubbed...<br>
> URL: <<br>
> <a href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20230327/48f4c47d/attachment-0001.htm" rel="noreferrer" target="_blank">http://lists.squid-cache.org/pipermail/squid-users/attachments/20230327/48f4c47d/attachment-0001.htm</a><br>
> ><br>
><br>
> ------------------------------<br>
><br>
> Subject: Digest Footer<br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
> <a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
> ------------------------------<br>
><br>
> End of squid-users Digest, Vol 103, Issue 22<br>
> ********************************************<br>
><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20230328/fd60a036/attachment-0001.htm" rel="noreferrer" target="_blank">http://lists.squid-cache.org/pipermail/squid-users/attachments/20230328/fd60a036/attachment-0001.htm</a>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br>
<br>
------------------------------<br>
<br>
End of squid-users Digest, Vol 103, Issue 23<br>
********************************************<br>
</blockquote></div>