[squid-users] External ACL
Amos Jeffries
squid3 at treenet.co.nz
Wed May 24 13:11:12 UTC 2017
On 24/05/17 01:02, avi_h wrote:
> Hi Amos,
>
> Thanks for your reply.
>
> What I mean is that so far I only used squid_db_auth and it works great but
> now I have a need to allow certain IPs on top of allowing users.
> Since the IPs are not constant, I need a way to handle the allowed IPs
> dynamically.
Ah, okay.
So, I'm a little hesitant to advise this since it is not clear why the
shell script is operating so bad - the same problem might still occur if
it wasn't the script itself...
Anyway, I recommend trying the ext_sql_session_acl helper. Your use-case
is almost exactly the one wrote it for. It uses arbitrary database
table of "keys" (eg the %SRC IP addresses in this case) so you can
manage the list of IPs in DB the same as you do for the auth user accounts.
> As for the amount of traffic, there is no traffic on this server at the
> moment, I'm only using it for testing.
> As for the http_access, I have the following:
>
> http_access allow localnet
> http_access allow localhost
> http_access allow allowed_ips
>
> I even commented out localnet for the test and it didn't work.
>
> Any other ideas other than the fact its in bash?
Not really. Bash should normally work fine, the SMB auth helpers are
pretty much the same to what you wrote - just calling other applications
than grep. So I'm very puzzled about what is going wrong there myself.
Amos
More information about the squid-users
mailing list