[squid-users] url_rewrite_program and ACLs
Amos Jeffries
squid3 at treenet.co.nz
Wed Nov 8 16:21:38 UTC 2017
On 09/11/17 03:12, Vieri wrote:
> Thanks. I defined the following, and it worked as expected:
>
> url_rewrite_access deny allowed_domains
> url_rewrite_access deny allowed_ips
> url_rewrite_program /usr/bin/squidGuard
> url_rewrite_children 80 startup=10 idle=3
>
>
> How can I rewrite a URL in squid without a helper such as SG?
> ie. how can emulate SG's "rew" in squid.conf?
That depends on the rew(rite) substitutions being made, and more
specifically what your intended end-goal behind having it was.
Usually what it is used for is emulate the denial of a request, or to
redirect it somewhere specific.
* Denial is better done by "http_access deny ...". No rewrite/redirect
necessary at all.
* Redirect is better done by using deny_info to change what action
'deny' means for a particular ACL. Like so:
acl foo ...
http_access deny foo
deny_info 302:http://example.com/ foo
In Squid-3.2+ the deny_info URL portion can use logformat macros for
dynamic redirection - like the "rew" substitutions only changing
portions of the URL.
Time constraints are added by using a time ACL on the original *_access
line to limit when the foo ACL gets checked (aka. takes effect).
NP: The SG documented example for use of "rew" (diverting traffic to a
local server during work hours) is better performed by a cache_peer
directing traffic to a local server, and cache_peer_access ACLs
determining what and when traffic gets delivered there. No denials,
redirects, or rewrites necessary.
Amos
More information about the squid-users
mailing list