[squid-users] squid3 : Really need to use external (slow) acl with peer_cache_access

hoper at free.fr hoper at free.fr
Wed Jan 25 09:29:42 UTC 2017 

Hi everybody,

I really try to find a answer with google, and within
the archives of this mailing list but couldn't find anything
so... here I am...

I need to select a squid parent based on the login of the
user (and others things). With squid 2.7, I had a configuration
like this one :

-------------------------------------------------------------
cache_peer 169.254.1.1 parent 3128 0 default name=parent1
cache_peer 169.254.1.2 parent 3128 0 default name=parent2
[...] (many parents)

external_acl_type choose_parent ttl=60,children-max=1 %EXT_USER %SRC %LOGIN %ACL /home/user/myhelper.sh
acl p0 external choose_parent

external_acl_type myparent1 ttl=60,children-max=1 %ACL %EXT_USER  /home/user/another_helper
acl p1 external myparent1
external_acl_type myparent2 ttl=60,children-max=1 %ACL %EXT_USER  /home/user/another_helper
acl p2 external myparent2
[...]

cache_peer_access parent1 allow p1
cache_peer_access parent2 allow p2
[...]

cache_peer_access path1 deny all
cache_peer_access path2 deny all
[...]

---------------------------------------------------------------

The idea is to deny all squid parents except the one I want this user
(with this specific IP and so on) to use.

But with squid3, I just have lot's of error in cache.log:

2017/01/25 10:22:16.053 kid1| external_acl.cc(868) aclMatchExternal: myparent1("p1 p1") = lookup needed
2017/01/25 10:22:16.053 kid1| external_acl.cc(871) aclMatchExternal: "p1 p1": queueing a call.
2017/01/25 10:22:16.053 kid1| Checklist.cc(115) goAsync: 0x7fff415cf470 a fast-only directive uses a slow ACL!
2017/01/25 10:22:16.053 kid1| external_acl.cc(873) aclMatchExternal: "p1 p1": no async support!
2017/01/25 10:22:16.053 kid1| external_acl.cc(874) aclMatchExternal: "p1 p1": return -1.

The documentation made it perfectly clear that "cache_peer_acccess" is a "fast ACL" that can only use fast ones...
But I really need to use external "slow" acl. Please, is there a way to do it ?
Again, this was working in 2.7 :(

Thanks you very much.

More information about the squid-users mailing list