[squid-dev] External ACL Feed, helper?

Eliezer Croitor ngtech1ltd at gmail.com
Tue Jul 7 22:39:03 UTC 2020


Thanks Alex,

I do hope that most admins can do it themselves.

Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com

-----Original Message-----
From: Alex Rousskov [mailto:rousskov at measurement-factory.com] 
Sent: Tuesday, July 7, 2020 9:15 PM
To: squid-dev at lists.squid-cache.org
Cc: Eliezer Croitor
Subject: Re: [squid-dev] External ACL Feed, helper?

On 7/7/20 1:00 PM, Eliezer Croitor wrote:

> let say I have a set of regex for sni which are bypassed or IP addresses
> that are allowed etc...
> Then with an automated update script that will validate that an update is
> possible and required, an update and reconfiguration will be applied.

I do not think it is a good idea to add such a script to the Squid
repository because such a script will have virtually no Squid-specific
code (and a lot of environment/business logic specifics that would be
impossible to properly support in a simple sample script).

Admins can easily script the "git pull && squid -k reconfigure" idea.
There is no point in providing that kind of a sample. I can think of
dozens of enhancements to that idea, but most of them are not about
Squid, and most of them are environment-specific, making them poor
candidate for inclusion in the official Squid repository.


Cheers,

Alex.


> -----Original Message-----
> From: Alex Rousskov [mailto:rousskov at measurement-factory.com] 
> Sent: Tuesday, July 7, 2020 4:54 PM
> To: Eliezer Croitor; squid-dev at lists.squid-cache.org
> Subject: Re: [squid-dev] External ACL Feed, helper?
> 
> On 7/7/20 1:08 AM, Eliezer Croitor wrote:
> 
>> I think that many proxy admins would like to have a script that will
>> help them to update their ACLs from a feed.
>>
>> Ie they have a DB or a GIT repository that contains their ACLs data like
>> IP addresses, domain names, sni patterns etc.
> 
> * External ACL updates without Squid reconfiguration is available today.
> 
> * Built-in ACL updates via Squid reconfiguration is available today.
> 
> * Built-in ACL updates without full Squid reconfiguration is planned,
> but it is a relatively complex low-priority project with no ETA.
> Sponsors welcome.
> 
> 
>> Would it be possible to add such helper to the project sources?
> 
> If you are talking about a script that will automatically update an
> external ACL helper configuration file based on DB/git/etc. interaction,
> then I do not think it is a good idea to add such a script to the Squid
> repository because such a script will have virtually no Squid-specific
> code (and a lot of environment/business logic specifics that would be
> impossible to properly support in a simple sample script).
> 
> If you are talking about built-in ACL updates without full Squid
> reconfiguration (i.e. the last bullet above), then such a feature does
> not need an external Squid helper. It needs Squid code enhancements.
> Most likely, it will be triggered by a standard reconfiguration signal
> (but will zero-in on changed ACL parameter files by comparing file
> timestamps).
> 
> 
> Thank you,
> 
> Alex.
> 




More information about the squid-dev mailing list