[squid-users] squid3.4 - MySQL, PHP script - block websites

Sun Nov 15 19:37:51 UTC 2015

Hey Jens,

PHP failed long time ago to work nicely with squid.
Do you think that SquidBlocker can fit your needs?
You can understand what it is at:
http://ngtech.co.il/squidblocker/

I think it might feet your needs just right.
Python\perl\php will fit to a very small services while not utilizing 
concurrency by nature which SquidBlocker does by default.

Eliezer

* Feel free to contact me offlist for more info(special packaging etc..)

On 14/11/2015 03:20, Jens Kallup wrote:
> Hello,
>
> I have problems to block web sites  listet in mysql database.
> When i start the script below, it works, but squid3.4 give me log output;
>
> 2015/11/14 01:27:40 kid1| helperHandleRead: unexpected read from
> blockscript #Hlpr0, 3 bytes 'OK
>
> how can i fix that problem ?
>
> Thanks in advice
> Jens
>
> #!/usr/bin/php
> <?php
> $db = new mysqli("<server>", "<user>", "<password>", "<database>");
> if ($db->connect_error > 0) {
>      die(fwrite(STDOUT,"ERR\n"));
> }
> while (!feof(STDIN))
> {
>      $i = trim(fgets(STDIN));
>      $s = explode(" ", $i);
>      $dst = $s[0];
>      $row = array();
>      $query = "SELECT * FROM squid WHERE name = '$dst'";
>      if ($res = $db->query($query)) {
>          $row = $res->fetch_row();
>          $rec = $res->num_rows;
>          if (($row[2] == 1) || ($rec < 1))
>             fwrite(STDOUT,"ERR\n"); else
>             fwrite(STDOUT,"OK\n");
>          $res->close();
>      }
> }
> $db->close();
> ?>
>
>
> this is my squid.config
>
> auth_param basic program /usr/lib/squid3/basic_ncsa_auth /sap/squid/passwd
> auth_param basic children 4
> auth_param basic utf8 on
> auth_param basic realm Bitte geben Sie Ihren Benutzernamen und Passwort
> fuer die Internetberechtigung ein!
> auth_param basic credentialsttl 60 minutes
> auth_param basic casesensitive on
> external_acl_type blockscript %DST /usr/bin/php /sap/squid/block.php
> acl localnet src 192.168.178.7
> acl ncsa_users proxy_auth REQUIRED
> acl mysql_block external blockscript
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> # Deny requests to certain unsafe ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> http_access deny mysql_block
> http_access allow localhost ncsa_users
> http_access allow localnet  ncsa_users
> # And finally deny all other access to this proxy
> http_access deny all
> http_port 3128
> cache_mgr jkallup at web.de
> cache_effective_user squid
> # We recommend you to use at least the following line.
> hierarchy_stoplist cgi-bin ?
> cache_dir ufs /sap/var/spool/squid 64 16 128
> cache_access_log /sap/squid/log/access.log
> cache_log        /sap/squid/log/cache.log
> cache_store_log  /sap/squid/log/store.log
> # Leave coredumps in the first cache dir
> coredump_dir /sap/var/spool/squid
> # Add any of your own refresh_pattern entries above these.
> refresh_pattern ^ftp:           1440    20% 10080
> refresh_pattern ^gopher:        1440    0%  1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20% 4320
> logformat squid  %tl.%03tu %6tr %>a %un %Ss/%03>Hs %<st %rm %ru %Sh/%<A %mt
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users