[squid-dev] External ACL Feed, helper?
Eliezer Croitor
ngtech1ltd at gmail.com
Tue Jul 7 22:39:03 UTC 2020
Thanks Alex,
I do hope that most admins can do it themselves.
Eliezer
----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
-----Original Message-----
From: Alex Rousskov [mailto:rousskov at measurement-factory.com]
Sent: Tuesday, July 7, 2020 9:15 PM
To: squid-dev at lists.squid-cache.org
Cc: Eliezer Croitor
Subject: Re: [squid-dev] External ACL Feed, helper?
On 7/7/20 1:00 PM, Eliezer Croitor wrote:
> let say I have a set of regex for sni which are bypassed or IP addresses
> that are allowed etc...
> Then with an automated update script that will validate that an update is
> possible and required, an update and reconfiguration will be applied.
I do not think it is a good idea to add such a script to the Squid
repository because such a script will have virtually no Squid-specific
code (and a lot of environment/business logic specifics that would be
impossible to properly support in a simple sample script).
Admins can easily script the "git pull && squid -k reconfigure" idea.
There is no point in providing that kind of a sample. I can think of
dozens of enhancements to that idea, but most of them are not about
Squid, and most of them are environment-specific, making them poor
candidate for inclusion in the official Squid repository.
Cheers,
Alex.
> -----Original Message-----
> From: Alex Rousskov [mailto:rousskov at measurement-factory.com]
> Sent: Tuesday, July 7, 2020 4:54 PM
> To: Eliezer Croitor; squid-dev at lists.squid-cache.org
> Subject: Re: [squid-dev] External ACL Feed, helper?
>
> On 7/7/20 1:08 AM, Eliezer Croitor wrote:
>
>> I think that many proxy admins would like to have a script that will
>> help them to update their ACLs from a feed.
>>
>> Ie they have a DB or a GIT repository that contains their ACLs data like
>> IP addresses, domain names, sni patterns etc.
>
> * External ACL updates without Squid reconfiguration is available today.
>
> * Built-in ACL updates via Squid reconfiguration is available today.
>
> * Built-in ACL updates without full Squid reconfiguration is planned,
> but it is a relatively complex low-priority project with no ETA.
> Sponsors welcome.
>
>
>> Would it be possible to add such helper to the project sources?
>
> If you are talking about a script that will automatically update an
> external ACL helper configuration file based on DB/git/etc. interaction,
> then I do not think it is a good idea to add such a script to the Squid
> repository because such a script will have virtually no Squid-specific
> code (and a lot of environment/business logic specifics that would be
> impossible to properly support in a simple sample script).
>
> If you are talking about built-in ACL updates without full Squid
> reconfiguration (i.e. the last bullet above), then such a feature does
> not need an external Squid helper. It needs Squid code enhancements.
> Most likely, it will be triggered by a standard reconfiguration signal
> (but will zero-in on changed ACL parameter files by comparing file
> timestamps).
>
>
> Thank you,
>
> Alex.
>
More information about the squid-dev
mailing list