[squid-users] URL list from a URL

Eliezer Croitoru eliezer at ngtech.co.il
Wed Mar 22 18:20:14 UTC 2017


Almost, What I was talking about and meant was to take the current official StoreID helper written in perl and remove the parts of the ID replacement while leaving the regex matching intact.
Then pass to the StoreID helper the url and the source IP and let it match the url to the regex from the list in the "DB file".
If it matches either return OK or ERR depends on the intention of the helper.
...The X code have almost everything needed so just convert it.
I am offering to convert it if there is some interest in it.

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il



-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Alex Rousskov
Sent: Wednesday, March 22, 2017 6:10 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] URL list from a URL

On 03/22/2017 09:25 AM, Eliezer Croitoru wrote:

> I didn't meant by convert the StoreID helper to convert it into an external_acl helper....
> It has both OK and ERR and a "checklist" which would be a match or not.

Sigh. The combination of your answers does not make any sense to me.
Squid does not use StoreID helpers to block access, regardless of what a StoreID helper returns. It is certainly possible to take some StoreID helper code and make an external_acl helper out of it, but that falls under my option #2.

Perhaps what you meant to say is something like "Use StoreID helper X available at Y to implement option #2 -- that X code has everything you need!"?

Alex.


> -----Original Message-----
> From: Alex Rousskov [mailto:rousskov at measurement-factory.com]
> Sent: Wednesday, March 22, 2017 3:51 PM
> To: squid-users at lists.squid-cache.org
> Cc: Eliezer Croitoru <eliezer at ngtech.co.il>
> Subject: Re: [squid-users] URL list from a URL
> 
> On 03/21/2017 06:17 PM, Eliezer Croitoru wrote:
>> The current StoreID helper can be converted pretty fast into what he needs.
> 
> Jason needs to block access. How can a [converted] StoreID helper 
> block access without becoming an external_acl helper?
> 
> Alex.
> 
>> -----Original Message-----
>> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] 
>> On Behalf Of Alex Rousskov
>> Sent: Tuesday, March 21, 2017 11:43 PM
>> To: squid-users at lists.squid-cache.org
>> Subject: Re: [squid-users] URL list from a URL
>>
>> On 03/21/2017 02:30 PM, Jason B. Nance wrote:
>>
>>> I should have mentioned that I'm not caching, I'm only using Squid 
>>> for whitelisting in this case.  Would you still say this is the 
>>> right path?
>>
>> No. You probably have two better options:
>>
>> 1. Use a file with list of mirror URLs as an ACL parameter. Write a 
>> script that updates that file and reconfigures Squid as needed. 
>> Please keep in mind that Squid reconfiguration is currently a 
>> relatively heavy/intrusive operation, even if there were not changes 
>> except for that single ACL.
>>
>> 2. Write an external_acl helper that will consult the mirror list. 
>> This will make each HTTP transaction a little slower (because it 
>> needs to go to the helper) but eliminates reconfigurations. The 
>> helper itself or some other script will still need to update the 
>> mirror list as needed, of course.
>>
>>
>> HTH,
>>
>> Alex.
>>
>>
>>
>>
>>>> Hello,
>>>>
>>>> I'm using Squid 3.5.20 and wonder if it is possible to define an ACL which retrieves the list of URLs from another URL (similar to pointing to a file).  In this specific use case it is to allow a Foreman server to sync Yum content from the CentOS mirrors.  I tell Foreman to use the following URL:
>>>>
>>>> http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates
>>>>
>>>> Which returns a list of URLs, such as:
>>>>
>>>> http://repo1.dal.innoscale.net/centos/7.3.1611/updates/x86_64/
>>>> http://linux.mirrors.es.net/centos/7.3.1611/updates/x86_64/
>>>> http://reflector.westga.edu/repos/CentOS/7.3.1611/updates/x86_64/
>>>> http://mirror.jax.hugeserver.com/centos/7.3.1611/updates/x86_64/
>>>> http://ftp.linux.ncsu.edu/pub/CentOS/7.3.1611/updates/x86_64/
>>>> http://mirror.nexcess.net/CentOS/7.3.1611/updates/x86_64/
>>>> http://mirror.web-ster.com/centos/7.3.1611/updates/x86_64/
>>>> http://centos.host-engine.com/7.3.1611/updates/x86_64/
>>>> http://mirror.raystedman.net/centos/7.3.1611/updates/x86_64/
>>>> http://mirror.linux.duke.edu/pub/centos/7.3.1611/updates/x86_64/
>>>>
>>>> Foreman then starts a new HTTP connection (not a redirect) to attempt to connect to those in turn until it works.
>>>>
>>>> So I would like to configure Squid to allow the Foreman server access to any of those URLs (the list changes somewhat often).
>>>>
>>>> I started to go down the external_acl_type but am wondering if I'm missing something obvious.
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
> 

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list