<div dir="ltr">Hello! <br><br>For get it worked I used the next things:<br><br>1. In squid.conf <br> external_acl_type ext_proxy_url_acl_type ttl=10 children-max=30 children-startup=5 ipv4 %LOGIN %DST /etc/squid/ext_helper/ext_acl_urls.py<br>2. Inside of my acl_url_direct.conf<br> acl proxy_direct_url_mark_acl external ext_proxy_url_acl_type<br> acl proxy_direct_url_acl note url_name passed<br>3. Inside of http_acces.conf<br><br> http_access deny proxy_direct_url_mark_acl !all<br><br>4. The my owned helper reads the incoming arguments like login and dst url and then checks url in the DB, then replies something like:<br> OK url_name=passed (if url is in DB)<br> or <br> ERR <br> And of course If I got the OK I can use the acl called "proxy_direct_url_acl" in policy I wanted. <br><br>My case as a whole is to pass the URL to the cache_peers, but some URL must be proxying on the server (without forwarding to the cache_peers). <br>This was so curious to know how the squid parses these URL's (to prevent the problems in the future). <br> <br> <br><br>Best Regards.<br>Alexey</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">сб, 22 июл. 2023 г. в 12:12, Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 22/07/23 17:20, Alexeyяр Gruzdov wrote:<br>
> Wow…<br>
> Thank you so much !<br>
> <br>
> For now I used a simple .py script that checks if url is in table and <br>
> send reply OK or ERR, depends from result.<br>
> <br>
> But allow ask you - how squid parse the url???<br>
> I think it uses the regexp, is that true???<br>
<br>
All parsers in the 'squid' binary perform full parse with validation.<br>
<br>
<br>
> <br>
> Because for example if I add the url to DB like <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a> <br>
> ( base url name)<br>
> And if the proxy request will be even like to <a href="http://example.com/page1/" rel="noreferrer" target="_blank">example.com/page1/</a> <br>
> - this will be matched. That’s great.<br>
> <br>
<br>
Oh, there are many moving parts involved there.<br>
<br>
First is the HTTP request URL that Squid received, it could be any of <br>
origin-form, authority-form, or relative-url.<br>
<br>
(... probably you configured Squid to only send the URL domain name to <br>
the helper.)<br>
<br>
Second is what details you configured the external_acl_type directive to <br>
pass on.<br>
<br>
Third is how the helper receives its input. The helper I suggested uses <br>
Perl string split to separate the concurrency channel-ID from the UID <br>
portion and pack("H*",...) for binary safety.<br>
<br>
Fourth is how the helper is using its input to lookup the database.<br>
The helper I suggested uses SQL "=" operator, whose matching is <br>
string-wise exact equality.<br>
<br>
As far as I know only the Perl string split is potentially using regex, <br>
but not in any way which would case the behaviour you describe.<br>
<br>
If you are still using your own custom helper, look into how it is doing <br>
those third and fourth things.<br>
<br>
<br>
HTH<br>
Amos<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div>